If you are an IT person, this article may be a waste of your time. But – if you are in the business of making and delivering products with software inside – read on.
What threats really count for your business?
No question is more important for implementing an effective security and compliance program for your product development. The management, the software developers and security analysts cannot expect to mitigate risk effectively without knowing the sources and cost of threats to company products and the products’ users.
The prevailing IT security model predicates defense in depth of IT systems. The most common strategies are to mitigate external threats with network and application security products that are reactive countermeasures; blocking network ports and services, detecting known application exploits, or by blocking entry of malicious code to the network. Are any of these security countermeasures likely to be effective in the long-term for software applications and software-based appliances? Can attacks on a software product be neutralized with defensive means only? In other words, is there a “black-box” security solution for your products?
The answer is clearly no.
A reactive network defense tool such as a firewall cannot protect exploitation of software defects and an application firewall is no replacement for in-depth understanding of company-specific source code or product configuration vulnerabilities.
This paper presents a rigorous software development process for delivering secure software product starting with a simple notion – “buggy software is insecure software”.
By removing software defects we are in the best position to deliver secure software to our customers.
Download the full article Make your business secure by making your software secure