So, recently I asked my Twitter followers to answer the following:
"In 3 words describe the Challenges of Software Security Professionals".
What I got back were some 93 or so answers... some meant to be funny, others absolutely serious... but all convey a few points. The spreadsheet is here if you want to see it for yourself. (I will try and keep this available for a while so everyone can take a peek).
Now, while some of you jokingly went through and re-sorted each of the columns to make up some fascinating combinations ... in the end a word cloud emerged that told an interesting story (thanks to Chris Sumner, aka @TheSuggmeister on Twitter).
Frankly folks, I'm not sure what to make of this.
The first few words that strike me, besides developers (obviously?), are the big BUDGET right in the middle, then security in smaller print (which is weird, isn't it?)... then I get caught up on education, fix, nobody... then CLICK... then communication, insufficient and LACK in big bold letters.
My eye even gets caught on "politics" and TOOLS in big bold letters... then UPHILL and APATHY. Dang... we're a cynical bunch, aren't we?
The thing is, this is probably the correct sentiment when looking critically at software security challenges from the security practitioner's point of view. Makes me wish I had access to more developers on Twitter... I wonder if they would answer differently.
So what catches your attention? What are your eyes drawn to? What conclusions can you draw here that may be insight into how we can improve the state of software security in the enterprise?
Cross-posted from Following the White Rabbit