11 dev rules former Twitter security engineer Neil Matatall swears by

Matatall spoke last Friday at NYU Poly's Cyber Security Awareness Week Conference.


Neil Matatall hates cross-site scripting, the practice where, roughly speaking, HTML gets automatically generated or gets borrowed from another site. They flat out don’t do it at Twitter, where he was a security engineer for almost three years.

In other words, none of the code on Twitter gets written automatically. Devs just write the code. All the code. No shortcuts, Matatall explained last Friday at NYU Poly’s Cyber Security Awareness Week Conference 2014.

Matatall will be working security at GitHub soon. Twitter staff presented at the talk two years ago, he said, and this was meant to be an update about their thinking.
