“You can have great policy, you can have great DOD directives and DOD instructions, but if it’s not in enforceable contract language, no one is going to pay attention to it.” — John Keane
Before my presentation at the Department of Homeland Security “Software and Supply Chain Assurance September Forum” in Washington, DC last week, I was able to catch up with John Keane, the security industry’s Software Angel of Death.
“I’m stunned by the number of people who try to make up excuses to do the harder wrong than the easier right. Unfortunately, that’s what we’re dealing with.” — John Keane
Listen to the full interview: John Keane – The Software Angel of Death
John and I discuss the idea of contracts, and enforceable contract language, that hold people accountable for what they develop. From there, we get into how developers can become more security conscious simply through the tools they use.
“I believe that you teach them (developers) by giving them tools that say, ‘No. The line of code should have been written this way.’” — John Keane