I’m working on my 70-536 (Application Development Foundation) certification right now, and yesterday I was schlogging through the multiple chapters on different types of security. (And by the way does anyone actually use Code Access Security? Bleh.) It occurred to me as I was reading why I didn’t like dealing with security-related issues.
As a developer, my primary goal is to make software that is useful to people. Nothing makes me happier than when someone enjoys using somthing that I built. When I do things to expressly prevent people from using my stuff, I feel like I’m working directly against that motivation. I think a lot of developers probably feel the same way, and that may be why security has a reputation as being unpleasant to work on.
Consequently, it ends up getting pushed to the end of a project, or even ignored entirely. Unfortunately, I can’t think of a way to make this more enjoyable. But hey, some people hate all aspects of their jobs, so I feel lucky that I really enjoy most of the things I get to do in mine.