Secure software development: Getting started

Date: Apr 20, 2011

A company can begin to inject security into its software development processes only after conducting an analysis of what is currently in place, according to Chris Eng, senior security researcher at Veracode Inc. In this video, Eng said the easiest way to start is with static analysis testing to get a measure of the common mistakes that developers are making. Firms can also add security awareness training for developers, he said. The interview was conducted Wednesday at the SOURCE Boston 2011 security conference.

Editor's note: This news story is part of SearchSecurity.com's "Eye on" series that brings together various perspectives on security topics throughout the year from SearchSecurity and its sister sites. In the month of April the series examines secure software development.

More on Software Development Methodology

Marcus Ranum on the consequences of poor software design
VIDEO - Marcus Ranum discusses the consequences of poor software design and what can be done to ensure this does not happen in the future.
Secure application development processes improving, expert says
VIDEO - In this interview conducted at RSA Conference 2011, Gary McGraw, chief technology officer at Cigital Inc., a software security and quality consulting firm, explains how more organizations are embracing software development processes to improve the code they are producing.
Software security threats and employee awareness training
VIDEO - What are the newest threats to enterprise networks, and how can you subvert these emerging security threats? Greg Hoglund, CEO of HBGary and creator of the first rootkit, answers these questions.
Wysopal on application security training, program gaps
News - Application security expert Chris Wysopal of Veracode explains why some software security programs are lacking and how simple steps can produce big gains.
( May 21, 2012 )
Steve Lipner on the Microsoft SDL, critical infrastructure protection
News - Microsoft’s senior director of security engineering says core SDL principles should be at the foundation of critical infrastructure system protection.
( May 16, 2012 )
Gary McGraw: Eliminating badware addresses malware problem
Opinion - Bad software and malicious software are two different issues that are easily confused, says software security expert Gary McGraw.
HTML5 security: Will HTML5 replace Flash and increase Web security?
Tip - Will HTML5 replace Flash? Expert Michael Cobb discusses whether HTML5 security is better than Flash, and why HTML5 traffic can be harder to secure.
Reverse engineering tools for mobile apps emerging, expert says
News - Reverse engineering mobile apps help pen testers find weaknesses and hidden malware, but the various mobile platforms and different versions make automation difficult, according to one expert.
( Apr 27, 2012 )

Latest Headlines

Featured

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

Secure software development: Getting started

Secure software development: Getting started

More on Software Development Methodology

More from Related TechTarget Sites