On his blog today, Chris Shiflett has a new post with a look at the old saying - "teach a man to fish..." - and how it applies to what Chris tries to teach through his articles.
Web application security is a young and evolving discipline. There are very few "right answers" in this field, and many security professionals are hesitant to offer advice for fear of being misunderstood or wrong. If a safeguard is misapplied or offers insufficient protection, the author's reputation is at stake.
I enjoy my role in the community largely because I'm not too concerned with reputation. However, I take my role very seriously, and I think it's important to offer sound advice, particularly regarding security. This is why my writing style is to explain a problem as thoroughly as possible before offering a solution.
A recent comment by Jeremy Chin (replying to my article The Truth about Sessions) likens my writing to teaching a man to fish.
And, after reading any of Chris' articles, I think you'll get the same feeling. He really does a good job of explaining the whys and hows of everything he discusses, and offers his own suggestions where appropriate...




