Strong security starts with software development

Cited by: 5
Author
Cope R. [1]
Affiliation
[1] Perforce Software
DOI
10.1016/S1353-4858(20)30078-7
Abstract
While there is – rightly – a big focus on securing software that is already deployed, the reality is that many future vulnerabilities stem from the creation of that software. Insecure applications give hackers a back door. For instance, buffer overflows and code injection attacks can lead to compromised confidentiality of data, loss of service, damage to the systems of thousands of users, even – in the case of products containing embedded software, such as medical equipment or vehicles – risk to life. Securing development is a tough challenge due to the increasing complexity of software, the volume of code, multiple contributors, distributed teams and the pressure to deliver to tight deadlines. Plus, developers traditionally have not been focused on security. That is changing with the emergence of DevSecOps, which focuses on implementing software security practices and tools at every stage of the lifecycle, explains Rod Cope of Perforce Software. © 2020 Elsevier Ltd
Pages: 6 / 9
Page count: 3