Rob Buckley – Freelance Journalist and Editor

Security from scratch

Software vendors are under pressure to build security into their products – from the ground up

Karl Keller, president of development company IS Power, also believes that training is just the beginning. “Security programming is a mindset,” he says. “It may start with a week or two of training, but it will require constant reinforcement. And managers must learn that programmers need to take the time to architect, design and test their code.”

Others believe that relying on human ability to spot flaws in millions of lines of source code is asking the impossible. Freely available tools, such as ITS4 and Flawfinder, can scan code for common security flaws, while commercial tools, such as Sanctum's AppScan DE, can integrate with Microsoft's Visual Studio development environment so developers can constantly test their code for flaws as they write. Microsoft itself now uses AppScan, together with a trained group of code checkers, as its main process for secure development.

As IT decision-makers place increasing emphasis on security, developers will need to provide greater proof that their products are secure.

Customers are going to ensure secure programming is the norm, not the exception, even from Microsoft.
