MattPalmer's comments

MattPalmer | 8 years ago | on: The OWASP Top 10 is killing me

One might hope that these low hanging fruit would be addressed, leaving more sophisticated attacks to fill the top 10.

Buffer overflows used to be a major vulnerability. These only stopped being such a major problem when languages that prevented them became widely used.

The lesson is probably that developers and the business don't have the time or inclination to address them, and the best defence is to make the problem impossible rather than relying on good security practices being followed.

MattPalmer | 8 years ago | on: Ask HN: If you were a coder who successfully changed careers, what do you do now?

Around 2003 I was a chief technical architect at a startup. We had to secure access to the products and I realised I had no clue. I read Security Engineering by Ross Anderson and was hooked. Went on to do a Masters in Information Security while still coding, and gradually moved into the security field.

I still spend a lot of time with developers, currently doing a lot on integrating security with continuous deployment and agile projects.

I was talking with a developer recently, who said he loves coding, so that's why he does it for a living. I replied that I also love coding, and that's why I don't do it for a living!
