Taking responsibility for security

Many of the most devastating security issues we have to deal with arise from flaws in the software we use. And as applications have moved to the web, this has created an irresistible attack surface. To some extent, the most commonly occurring problems have been tackled through security features baked into the web application frameworks now so commonly used by developers. And yet vulnerabilities persist. We spoke to Sasha Zivojinovic at Context Information Security about how developers still need to understand and take responsibility for security. Many of the most devastating security issues we have to deal with arise from flaws in the software we use. And as applications have moved to the web, this has created an irresistible attack surface for hackers and cyber-criminals. To some extent, the most commonly occurring problems have been tackled through security features baked into the web application frameworks now so commonly used by developers. And yet vulnerabilities - and exploits - persist. So what's going on? We spoke to Sasha Zivojinovic, a lead security consultant with Context Information Security, about how developers still need to understand and take responsibility for the security of their solutions. © 2015 Elsevier Ltd.