
Doomed
A friend of mine just got back into development after years of teaching high school and is getting back up to speed on coding Web applications. I suspect his focus will be on getting his code to work at all. The application he's writing might net him a small paycheck, but his focus is going to be on nailing down future employment opportunities. I suspect that the odds of him ruthlessly sanitizing his inputs according to this model are slim. Not saying that he's not to be held accountable for secure coding, but what are the new programmers (or old, set-in-their-ways, programmers) to do? What's being described sounds like a lot of hard, painstaking work of the sort that management won't care about when it gets in the way of adding features or hitting release targets. I know that the readership of El Reg are literally the best programmers on Earth (in their own minds, at least), so what's the answer, guys?