HOME ALL STORIES LATEST NEWS COLUMNS OPINIONS GUEST VIEWS SHORT TAKES DATA WATCH SPECIAL REPORTS ZEICHICK'S TAKE SD TIMES 100 EDITORS' BLOG

IPHONE APP

RSS FEEDS

FACEBOOK

TWITTER

WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH SYSMANNEWS SPTECHCON IPHONEDEVCON ANDEVCON ESDC PRIVACY POLICY CONTACT US

Printable version

HOME >> LATEST NEWS

Most Read Latest News Blog Resources

IP protection comes to Android apps
Arxan's software uses "Guards" to handle defense mechanisms for code

Microsoft pushes Windows Phone 7 development tools
Ahead of the smartphone's release, Microsoft is letting developers download its tools in a...

Red Hat turns its eyes to the cloud
The company's new PaaS strategy will incorporate the JBoss enterprise middleware stack and...

Updated Redis NoSQL can store hashes, save datasets
More than just a key-value store, version 2.0 of Redis pushes it as a jack-of-all-trades N...

IP protection comes to Android apps
Arxan's software uses "Guards" to handle defense mechanisms for code

Red Hat turns its eyes to the cloud
The company's new PaaS strategy will incorporate the JBoss enterprise middleware stack and...

Microsoft pushes Windows Phone 7 development tools
Ahead of the smartphone's release, Microsoft is letting developers download its tools in a...

VMworld hops to it
Data center operating systems play a big part at VMworld, but it's still too soon.

Certificate program for secure cloud computing
The Cloud Security Alliance introduces user certification.

What does the Army's Crusher tank and RIM's tablet computer have in common?
RIM plans to use Crusher tank technology on its yet-to-be-announced tablet.

Some helpful links
A list of links to example programs implemented across multiple languages.

Realize Effective Distributed Development via a Virtual Software Factory Explore the ways in which IBM Rational can make distributed development a reality in your...

Simplify Issue & Project Tracking - Free 30 Day Download Application development teams constantly find themselves under pressure to increase the s...

Agile Development Requires Agile Processes For far too long, the general demeanor for software development lifecycle (SDLC) process i...

Application Lifecycle Management in the Oracle Environment If your organization has invested in Visual Studio and you develop on Oracle databases, yo...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

GET THE APP!

Black Hat conference fields suggestions for software security

By David Worthington

July 28, 2010 — (Page 1 of 3)
The Software Assurance Forum for Excellence in Code (SAFECode) engaged with developers at the Black Hat Technical Security Conference yesterday in a brainstorming session to clarify a vision for software security over the next decade.

More than 50 Black Hat attendees participated in the session. SAFECode Members include Adobe Systems, EMC, Juniper Networks, Microsoft, Nokia, SAP AG and Symantec.

The No. 1 issue was education and training, said Steve Lipner, senior director of security engineering strategy at Microsoft and SAFECode board member. The discussion focused on how to get new graduates and entry-level developers to be prepared to write secure code, or even be aware of the need to write secure code, he observed.

Some specific suggestions included adding software security classes to university curricula; getting universities to "push back" against employers that are more interested in applicants that know about new technologies but might not be able to create secure code; requiring developers to have security certifications to write code; and establishing a mindset for secure development.

"I don’t see this as very realistic," said Rex Black, president of Rex Black Consulting, a security group. "Academics telling practitioners how to do their job is not something that has traditionally gone down well in software engineering. What would be preferable, in my mind, would be for software and systems vendors to have the same kind of legal liability that vendors of other products—e.g., cars, airplanes, microwave ovens—have for the quality and safety of their products."

One attendee said that the security needs are different everywhere, and different companies have different requirements that can’t be covered in a course. Lipner said that most members on the panel have a policy in place that includes security requirements for developers.

"This would be a good thing, as would requiring certifications to test code. What’s important here is that the job market start to see value in such certifications," Black said.

The rest of the discussion had no single point of emphasis, but there was a lot of focus on secure Web (rather than client) application development, he said.

Related Search Term(s): SAFECode, security

Pages 1 2 3

Share this link: http://www.sdtimes.com/link/34518

SAFECode guide advises developers on secure practices The new guide offers such development tips as using fuzz testing, penetration testing and automated tools. The guide was composed from practices used by companies in the SAFECode organization.

Letters to the Editor: Sun gives REST, SOAP choice A reader takes issue with a headline on our story about Sun working with REST along with SOAP, while others weigh in on rewriting Java code in C and solving impedance mismatches.

From the Editors: Opening up about security The editors are glad to see security being discussed at conferences; ScrumMaster certification should be made more stringent

Add comment

Name*
Email*
Country

Comment
Preview

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 9/1/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

VMworld hops to it
Data center operating systems play a big part at VMworld, but it's still too soon.
09/02/2010 01:42 PM EST

Certificate program for secure cloud computing
The Cloud Security Alliance introduces user certification.
09/01/2010 04:20 PM EST

What does the Army's Crusher tank and RIM's tablet computer have in common?
RIM plans to use Crusher tank technology on its yet-to-be-announced tablet.
08/25/2010 04:16 PM EST