Computerworld
Home News Blogs ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
 

Print edition

Developing secure software is a management issue

By Djenana Campara, Klocwork Inc.
August 24, 2005 12:00 PM ET
Recommended
(0)
Digg
Share/Email

Computerworld - When security vulnerabilities in a vendor's software are exploited, significant costs are faced by the vendor and its software users. Software with security vulnerabilities harms an organization's reputation with customers, partners and investors. It increases costs as companies are forced to repair unreliable applications, and it delays other development efforts as limited resources are assigned to address current software deficiencies.
With the increased scrutiny of internal processes and controls resulting from mandates such as the Sarbanes-Oxley Act, executives are demanding that IT improve the development process in order to create more secure and reliable software.
Fix a flawed development process
All software has bugs, and a large number of these bugs have security implications. It's not just buggy code that is an issue. Software behavior and coding practices that were considered safe at the time of writing may now be ripe for exploitation by malicious hackers.
The problem for software development organizations is that they must simultaneously reduce software vulnerabilities while keeping operational costs in check. Plus, any new development strategy is expected to be applicable across geographically distributed teams -- including offshore service providers.
Something has to change. Software quality, and specifically software security, must be improved, and the most effective means is to address the root causes of poor software -- the defects in the source code. But to improve software, the current flawed development process must be addressed.
Start by assessing the situation
Rather than throwing more money and resources into a flawed process, companies need a new plan of action. Before implementing new processes and investing in new tools, companies should consider these steps:
Ensure information flow: A smart software development process ensures timely and effective information sharing. This enhanced knowledge improves communication between management and the development teams, allows developers to work with solid and secure architecture and coding practices, provides visibility into an application's context and its health at any point in the development life cycle, and lets IT manage software assets like other business assets.
Know the goals: A key consideration for any software security initiative is whether the goal is to audit the current state of your software's security or to implement a change in current development practices. An audit is a one-time event, while an in-process deployment can improve the security of existing applications, as well as provide the necessary experience, tools and processes to extend the concept of secure development throughout the entire development organization.
Determine strategies for new and existing code: Attempting to retrofit secure coding practices into existing



Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints

Additional Resources

Xerox
Win a color printer!
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Upgrade to Internet Explorer 8 today.
Save time and mitigate security risk. Deploy it now.
Sybase
NEXT-GENERATION MOBILITY PLATFORMS
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Differentiating With Technical Support: JBoss Customer Support Study
JBoss' expert technical support services is clearly acknowledged by its client base. The comprehensive nature by which their service is unsurpassed. Every category...  

Managing And Protecting Your Ever Increasing Mobile Assets
(Source: Absolute Software) Your users are becoming more mobile each day. This is great for productivity - yet challenging for IT control. Natalie...

The JBoss SOA Assessment Tool: Spend Less, Do More
SOA does not have to be overly complex or expensive. The JBoss SOA Assessment Tool can help you chart a course to a...  

IDC Webcast: Linux Adoption in a Global Recession
Join Al Gillen from IDC and Michael Applebaum from Novell in this on-demand webcast to see how Linux has emerged as an even...

The CIO's New Guide to Design of Global IT Infrastructure
Is it possible to eliminate the impact of distance? This paper explores the 5 key principles successful CIOs are using to redesign IT...  

Novell Opens PR Video
Is the Linux desktop for me? Customers are looking for ways to be more flexible and save money. Using Linux offers a great...

IBM Lotus Notes Performance Brief
This is a Performance Brief that illustrates how Riverbed Steelhead appliances accelerate Lotus Notes R7....  

2 Minutes to IT workload automation
Take just 2 minutes to watch this short CONTROL-M flash video. Well show you how BMC CONTROL-M can put money back into your...

Business Value of Performance IDC Whitepaper
Are you looking for a comprehensive solution that addresses insufficient or congested bandwidth, impaired application performance, slow remote backup and replication or obstacles...  

Security Configuration Management
In this web video, follow along with Jim Hansen, Senior Product Manager with Big Fix, as he explains why Security Configuration Management is...

All White Papers | All Webcasts

Computerworld Reports

An Interactive eBook: Enterprise Security

The Business Case for Server Virtualization

Computerworld Technology Briefing: Intelligent Users Use Business Intelligence

All Computerworld Reports
 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.