There are a number of factors that have changed the development environment and the way you design applications. The most significant of these factors is the whole Bring Your Own Device (BYOD) phenomenon. Users bring devices from home and simply expect them to work. They don’t want to hear that their favorite device, no matter how obscure or unpopular, won’t work with your application. Because these devices aren’t under the IT department’s control, are completely unsecured, and could be loaded with all sorts of nasty software, you have to assume that your application is always under attack.
Years of trying to convince users to adopt safer computing practices have also convinced me that users are completely unconcerned about security, even when a lack of security damages data. All the user knows is that the application is supposed to work whenever called upon to do so. It’s someone else’s responsibility to ensure that application data remains safe and that the application continues to function no matter how poorly treated by the user (whether through ignorance or irresponsible behavior is beside the point). Because of this revelation of human behavior, it has become more important to include additional security discussions in my book. If the developers and administrators are going to be held responsible for the user’s actions, at least I can try to arm them with good information.
The decentralized nature of the security information is also a change. Yes, many of my books will still include a specific security chapter. However, after getting a lot of input from readers, it has become apparent that most readers aren’t looking in the security-specific chapter for information. It’s easier and better if much of the security information appears with the programming or administration techniques that the reader is reviewing at any given time. As a consequence, some of my books will contain a great deal of security information but won’t even have a chapter devoted to security issues.
I’m constantly looking for new ways to make your reading experience better. Of course, that means getting as much input as I can from you and also discussing these issues on my blog. If you have any ideas on ways that I can better present security issues to you, let me know at John@JohnMuellerBooks.com.