ABSTRACT
Jerry Weinberg was actually commenting on the state of the art in software engineering in the 1960s, not
present-day security engineering, when he authored his second law. The fact that his comment is as
pertinent to today’s malicious hackers as it was to innocent practitioners of by-gone days illustrates the
fundamental truth that security is an inherent attribute of well-designed information systems. His
additional commentary points out that systems-engineering activities (e.g., debugging) destabilize
systems, clashing with the security imperative for stable systems. This chapter suggests that enlisting
woodpeckers (or systems developers) in the security effort benefits both security and development. We
posit that it is best to justify information security programs on economic issues in the management
hierarchy by showing value from cooperating on technical issues in the project arena. The best way to
benefit the development team and the entire organization is by working in harmony with development
priorities, so we present several ways to do so.