Rietta: Web Apps Where Security Matters
You are reading The Rietta Blog, a publication about the web since 2005.

Software Security Is a Moral Duty


All too often robust security is put off because the cost of prevention is felt upfront and the cost of breach is to realized at an uncertain future time and mostly by third parties. In the name of saving money, organizations continue to run out of date operating systems, reject appropriate strong encryption systems, fail to deploy sufficient network security, and refuse to employ and empower appropriate security staffs. In the end, security is seen as an expense to be minimized as part of a risk management program. But there is another way.

Security must be seen as a moral imperative. Any person or company that is put into a position of trust with regards to other people’s information, must protect that information even at great expense. If the cost is too great to bear, then it is the moral duty to not ask for the information in the first place. It is not acceptable to put people at risk just for economic gain. An adversary cannot steal data from you that your system does not process.

Fortunately, the cost of security is not always high. The cost of preventing a data breach is most always lower than the cost of a breach itself.

About Frank Rietta

Frank Rietta's photo

Frank Rietta is a web application security consultant, software developer, author, and speaker. He is a computer scientist with a Masters in Information Security from the College of Computing at the Georgia Institute of Technology. He teaches about security topics and is a contributor to the security chapter of the 7th edition of the "Fundamentals of Database Systems" textbook published by Addison-Wesley.