500,330 active members
5,593 visitors online
Register for free
Login Register
WIBU-SYSTEMS Blog

A Fresh Look at Secure Software Development

May 2019
09
med_wibu-systems
Author: med_wibu-systems
Company: WIBU-SYSTEMS AG
A Fresh Look at Secure Software Development

Software-driven innovations are being fueled by the emergence of smart things - devices, automobiles, factories, cities - all of which impact nearly every aspect of our personal lives and businesses. The connected economy offers tremendous economic and social benefits. However, it also introduces an unprecedented level of security risks, from theft of personal data to threats to human lives. While software itself is becoming increasingly complex, the onus is on software developers to build secure applications that can withstand ubiquitous hacking attempts and ensure that it can be securely maintained throughout its lifecycle.

The dangers that lurk within the realm of software security have received global attention, yet it has been difficult for the industry to agree upon a set of best practices and common development standards. Several organizations, including, BSIMMOWASP, and National Institute of Standards and Technology, have put forth documents outlining their proposals for development standards. On the industrial side, the Industrial Internet Consortium published the Industrial Internet Security Framework, a common security outline and an approach to assess cybersecurity in Industrial Internet of Things systems.

Just recently, BSA | The Software Alliance published their own viewpoint with The BSA Framework for Secure Software: A New Approach to Securing the Software Lifecycle. Before diving into the report, it is helpful to understand their definition of software security:

Software security encompasses what a software development organization does to protect a software product and the associated critical data from vulnerabilities, internal and external threats, critical errors, or misconfigurations that can affect performance or expose data.

The organization says that the Framework is intended to establish an approach to software securitythat is flexible, adaptable, outcome-focused, risk-based, cost-effective, and repeatable. The document provides a common organization and structure to capture multiple approaches to software security by identifying standards, guidelines, and practices that can help software development organizations achieve desired security outcomes while accounting for the wide spectrum of intended uses, risk profiles, and technological solutions among software products.

The guidelines are applicable to the entire spectrum of (1) software development organizations and vendors, from the individual entrepreneur to large-scale, multi-national businesses; (2) software development methods, from traditional to DevOps; and (3) software products, from simple IoT sensors to complex Artificial Intelligence algorithms.

Specifically, the BSA states that the goals of the Framework are to help software development organizations:

  1. Describe the current state of software security in individual software products.
  2. Describe the target state of software security in individual software products.
  3. Identify and prioritize opportunities for improvement in development and lifecycle management processes.
  4. Assess progress toward the target state.
  5. Communicate among internal and external stakeholders about software security and security risks.

The Framework identifies best practices relating to both organizational processes and product capabilities across the entire software lifecycle. It is organized into six columns: Functions, Categories, Subcategories, Diagnostic Statements, Implementation Notes, and Informative References.

If you are a software developer, you will find the 40-page document to be a good read and a mechanism for assessing your own software security practices.

You might also be interested in our upcoming Webinar on May 15, The Fastest Way to Protect Your Know-How, which will provide an overview of our complete family of IP protection tools that you can integrate easily into your software

Blog Archiv

May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016