At least have a few lessons to let them remember not to roll their own crypto, and to respect those scary warnings. These need to be engraved into their minds.
I agree a security audit would catch this, but that’s something after the fact. There is a need for a more preventative solution.
Security audits should be preventative. Have them before any significant change in infrastructure is released, and have them periodically as a backup.
I had a cryptography and security class in college (I took the elective), and honestly, we didn’t cover all that much that’s actually relevant to the industry, and everything that was relevant was quickly outdated. That’s not going to be a solution; we need a greater appreciation for security audits.