Engineers, being geeks, do not follow traditional reward models very well - engineering is rewarding, whether you write buffer overflows or not. They need negative reinforcement to close the feedback loop.
I would propose forcing anyone who writes code containing a buffer overflow to work one week on company sanitation duty. Lesser punishments could be administered for those who write more obscure security flaws - kitchen duty, IT duty, or QA.