Strong security starts with software development

Cited by: 5
Author
Cope R. [1]
Affiliation
[1] Perforce Software
DOI
10.1016/S1353-4858(20)30078-7
Abstract
While there is – rightly – a big focus on securing software that is already deployed, the reality is that many future vulnerabilities stem from the creation of that software. Insecure applications give hackers a back door. For instance, buffer overflows and code injection attacks can lead to compromised confidentiality of data, loss of service, damage to the systems of thousands of users, even – in the case of products containing embedded software, such as medical equipment or vehicles – risk to life. While we focus on securing software that is already deployed, the reality is that many future vulnerabilities stem from the creation of that software. Securing development is a tough challenge due to the increasing complexity of software, the volume of code, multiple contributors, distributed teams and the pressure to deliver to tight deadlines. Plus, developers traditionally have not been focused on security. That is changing with the emergence of DevSecOps, which focuses on implementing software security practices and tools at every stage of the lifecycle, explains Rod Cope of Perforce Software. © 2020 Elsevier Ltd
Pages: 6 / 9
Page count: 3