IT-Analysis.com
IT-Analysis.com Logo
Business Issues Channels Enterprise Services SME Technology
Module Header
Craig WentworthMWD Advisors
Craig Wentworth
16th April - Egnyte the blue touchpaper...
Louella FernandesLouella Fernandes
Louella Fernandes
11th April - Managed Print Services: Are SMBs Ready?
Louella FernandesLouella Fernandes
Louella Fernandes
11th April - The Managed Print Services (MPS) Opportunity for SMBs
Simon HollowayThe Holloway Angle
Simon Holloway
11th April - Intellinote - capture anything!
David NorfolkThe Norfolk Punt
David Norfolk
11th April - On the road to Morocco

Blogs > Nigel Stanley

Secure Systems Development Conference - A Must See!
Nigel Stanley By: Nigel Stanley, Practice Leader - IT Security, Bloor Research
Published: 27th April 2011
Copyright Bloor Research © 2011
Logo for Bloor Research

On Thursday 19th May 2011 I will be speaking at The 2nd International Secure Systems Development Conference in London on the subject of smartphone security, entitled "I own your smart phone (and of course your private life and your business life)"

But why is code security so important?

The use of complex software is now part of daily business life. Unfortunately cyber criminals are taking advantage of this to spread malware and to attack systems with the aim of stealing information, money and intellectual property.

Information security specialists have been relatively successful in protecting networks and data systems from these cyber criminals but, to date, computer software has been an Achilles heel, open to attacks that take advantage of bugs and errors in computer code. Once a security bug is found it can be abused by cyber criminals whilst a business, in many cases, remains blissfully unaware that they are under attack.

Computer software must therefore be checked for security related bugs--a process that has historically been very manually intensive and expensive, with limited scalability and needing access to the underlying source code.

It's a software developer's job to write application code that satisfies customer requirements and meets business objectives. This code needs to be functional, usable, reliable and with acceptable performance and supportability. As the modern world relies on software to function, teams of developers must do their best to churn out millions of lines of code under huge pressure to satisfy customer demand. 

With looming deadlines and the need to do yet more work developers, in the past, had little time to ensure their code was free from bugs or errors that opened security holes in the application. Fortunately, as many applications ran within a client server network, relatively isolated from the outside world, this approach was normally successful.

Then along came the Internet, the World Wide Web and the subsequent massive growth in handheld devices that exposed what would be normally closed applications to millions of anonymous users. Combine this with the recent introduction of organised cyber criminals continuously looking for new ways of committing crime, and the computer security ground rules have been rewritten forever.

Against this background we have seen a huge move towards componentised code, and the reuse of code libraries and functions that had been developed in house, purchased or borrowed from other developers. As customers have looked to slim down their costs, the use of commercial and open sourced software grew. Outsourced software development has seen projects sent across the other side of the world to be written by developers they have never met in a country they may never have visited. So not only do developers need to worry about security defects in the code they write, but also in the code they reuse.

This perfect storm raises huge concerns in the minds of information security professionals who are trying to get a grip on the scale and diversity of software entering their organisations.
On the other hand we need to consider the developers. The sheer volume of potential security flaws and new and emerging threats can be overwhelming to a developer under pressure to roll out yet another new feature.

Software development managers and information security professionals need to act now to address the security of the software they write, purchase or co-opt into their solutions.

I recommend this event for both security professionals and developers alike.

Nigel Stanley
Practice Leader - Security
Bloor Research

Advertisement



Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761
Email: