SAFECode outlines path to complete code integrity
June 28, 2010 —
(Page 1 of 2)
Automation, authentication and research are only pieces of the “reduction of vulnerability” pie. A team mentality and cohesion across the software supply chain play a big part as well, according to a report released June 14 by non-profit organization Software Assurance Forum for Excellence in Code (SAFECode).
The report, “An Overview of Software Integrity Controls: An Assurance-Based Approach to Minimizing Risks in the Software Supply Chain,” discusses different approaches organizations can take to ensure complete software integrity, such as contractual, technical and authenticity controls.
Bola Rotibi, research director at Creative Intellectual Consulting, pointed out: “The most important thing is not a tool or a technological approach, although these things are vital. It’s really more about an attitude, awareness and recognition [of a vulnerability] approach that should be applied before best practices.”
SAFECode’s members (Adobe, EMC, Juniper, Microsoft, Nokia, SAP and Symantec) naturally agreed with the paper’s premise, saying, “Focusing on the place where software is developed is less useful for improving security than focusing on the process by which software is developed and tested.” Focusing on the process helps ensure vendors, suppliers and employees alike are all on the same page, the report said.
Despite plenty of ways to assess and mitigate vulnerabilities, Rotibi said that, at the end of the day, there needs to be a concerted effort to look at where vulnerabilities will happen, to have the skills to recognize them, and the humility to admit a failure if a vulnerability does happen. Afterwards, that information also needs to be documented and passed along to ensure the vulnerability will be less likely to happen again, she added.
Other approaches, such as automating certain processes and reducing the amount of actual people touching the code, can certainly minimize risks, but this approach is not always entirely feasible either, said Michael Coté, an industry analyst with RedMonk. “If you buy into the trend of a lot more systems development going on,” which typically requires more people touching the code, then that kind of approach would be too difficult and time consuming to implement, he added.
Related Search Term(s): SAFECode
Share this link: http://sdt.bz/34445
Most Read Latest News Blog Resources
Appcelerator Acquires Cocoafish to Add Instant Mobile Cloud Capabilities to its Industry Leading Titanium Platform
Appcelerator Offers Messaging, Social, Location and Storage Mobile Cloud Services to All Mobile App Publishers
|
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
ComponentOne Releases a Collection of 40+ UI Widgets Powered by HTML5 and jQuery
ComponentOne has announced the 2012 release of Wijmo: a kit of UI widgets for HTML5 and jQuery development
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles
|
|
Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions
|
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
|
|
Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
|
|
RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
|
|
GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
|
The Hidden Costs of Software Licensing
Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...
|
|
Case Study: You May Need a Development Mechanic
As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...
|
|
Ensuring Software Quality at a Major International Bank
One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...
|
|
Load Testing Adobe Flex Applications
Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...
|