Strong security starts with software development

While there is – rightly – a big focus on securing software that is already deployed, the reality is that many future vulnerabilities stem from the creation of that software. Insecure applications give hackers a back door. For instance, buffer overflows and code injection attacks can lead to compromised confidentiality of data, loss of service, damage to the systems of thousands of users, even – in the case of products containing embedded software, such as medical equipment or vehicles – risk to life. While we focus on securing software that is already deployed, the reality is that many future vulnerabilities stem from the creation of that software. Securing development is a tough challenge due to the increasing complexity of software, the volume of code, multiple contributors, distributed teams and the pressure to deliver to tight deadlines. Plus, developers traditionally have not been focused on security. That is changing with the emergence of DevSecOps, which focuses on implementing software security practices and tools at every stage of the lifecycle, explains Rod Cope of Perforce Software. © 2020 Elsevier Ltd