Commit ce33ed1

Tweaked version of #55
This is a tweaked version of #55 from @oliviagallucci.

Signed-off-by: David A. Wheeler <[email protected]>
1 parent 4f14dc9 commit ce33ed1

1 file changed: +2 -2 lines changed

secure_software_development_fundamentals.md

Lines changed: 2 additions & 2 deletions
@@ -490,9 +490,9 @@ One of the risks when developing and deploying software is that attacker(s) will
490490

491491
**🚩 If people start using the software you develop, _expect_ that intelligent adversaries will try to attack it.**
492492

493-
But while you cannot prevent attackers from trying to attack it, you can make it difficult for an attack to succeed, or reduce the impact if an attack succeeds. You can do this by taking steps throughout software development and deployment to reduce the risks to an acceptably low level. If your software is widely-used or depended on for vital tasks, then it is especially important that you work to manage those risks to your users.
493+
While you cannot prevent attackers from attacking software, you can make it difficult for an attack to succeed, or reduce the impact if an attack succeeds. You can do this by taking steps throughout software development and deployment to reduce the risks to an acceptably low level. If your software is widely-used or depended on for vital tasks, then it is especially important that you work to manage those risks to your users.
494494

495-
Do *not* wait to think about risks until they happen. Then they are no longer risks - they are *problems*. It is a lot easier and cheaper to address risks *before* they become problems! It is much easier to design the software to minimize risks than to change the software later. It is also better for the user, better for your professional reputation, and better for the reputation of that software.
495+
Do *not* wait to think about risks until they happen. Then they are no longer risks - they are *problems*. It is easier and cheaper to address risks *before* they become problems! It is much easier to design the software to minimize risks than to change the software later. It is also better for the user, your professional reputation, the software's reputation, and any related organization's reputation.
496496

497497
#### Risk Management Process
498498
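
Review bot: In the new line 493, "attackers from attacking software" switches to software in general and drops the link back to the flagged sentence above it ("try to attack it"), while the rest of the paragraph still says "your software"; "attacking your software" would keep the subject consistent. The same line keeps "widely-used", which is normally written "widely used" since the adverb needs no hyphen. In the new line 495 the first sentence lost "a lot" but the following sentence still says "much easier", so the two now read as near-repeats, and the closing list repeats "reputation" three times; something like "better for the user and for the reputation of you, the software, and any related organization" would be tighter.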
