Ben Worthen, Reporter, The Wall Street Journal

New Effort Hopes to Improve Software Security

March 4, 2009 at 3:33 pm PT

It’s not much of a secret that a lot of software has security flaws. One reason is that there aren’t any real standards for designing secure software. In fact, the right way to secure programs is rarely discussed at all.

A new group is hoping to change that. Tech security company Fortify and security consulting firm Cigital are getting ready to release a set of best practices that tech companies and other businesses can follow to ensure that the software they develop is secure. The authors developed the model by studying the security practices at Google (GOOG), Microsoft (MSFT), Adobe (ADBE), and other tech companies, as well as nontech companies that write their own software like Wells Fargo, and Depository Trust & Clearing Corp.

“For most of the last decade security has taken place in secret,” says Brian Chess, chief scientist at Fortify. Even the most basic security information is usually held close to the vest for fear that bad guys could use it to compromise a system. The lack of transparency serves a purpose, but it comes at the expense of helping other companies improve the security of their software.

Read the rest of this post

Tagged with: Adobe, Ben Worthen, Cigital, Depository Trust & Clearing Corp., digital, Digits, economy, Fortify, frontpage, Google, innovation, Internet, Microsoft, programs, security, software, The Wall Street Journal, transparency, Wells Fargo

comments so far. Add yours.

About Voices

This is a section of the AllThingsD Web site featuring posts that have been curated from around the Web: pieces we’ve read, discussions we’ve followed, stuff we like. Five posts are included here each weekday, but only the headline and the first two sentences. We link to the original site for the rest. The section is explicitly labeled, so it’s clear that content comes “from other Web sites.”

We also solicit original full-length posts and accept some unsolicited submissions. Voices is edited by Beth Callaghan.

The Internet Hasn’t Killed the Radio Star: Clear Channel CEO Bob Pittman’s Full Dive Into Media Interview

Hulu CEO Jason Kilar Is Still Standing: The Full Dive Into Media Interview (Video)

Neil Young, the Donkey and Digital Music: The Full Dive Into Media Interview (Video)

Twitter CEO Dick Costolo: The Full Dive Into Media Interview (Video)

A Super Social Bowl

Coliloquy Steams Up Interactive E-Books (Video)

Khush Tries Teaching the World to Songify Live (Video)

Vevo’s Rio Caraeff Profits From Ubiquity (Video)

News Corp.’s Carey: Hacking Scandal Made for a Difficult Year (Video)

Legendary Entertainment’s Thomas Tull on Making Movies and Connecting With Fans (Video)

Salar Kamangar: It’s Time to Channelize YouTube (Video)

ESPN’s John Skipper Loves Every Platform — As Long As He Gets Paid (Video)

News Corp.’s Chase Carey Says Phone Hacking Doesn’t Indicate a Culture Problem

Vevo CEO Rio Caraeff: We Made $150 Million Last Year

Coliloquy’s Active Publishing Platform Lets Readers Create Designer Heroines (Demo)

WMG Chairman Edgar Bronfman Jr. on Apple, Spotify and the Fate of EMI (Video)

Legendary’s Thomas Tull Says Having Superheroes Isn’t Enough

YouTube’s Salar Kamangar on Building a Video Channel Ecosystem

ESPN’s John Skipper on Digital Distribution: “We Take the Dollar and We Take the Dime, as Well”

The New Yorker’s David Remnick Moves Beyond the Magazine (Video)

Martha Stewart Makes Her Home on the Internet (Video)

An Exit Interview With Warner Music Group Chairman Edgar Bronfman Jr.

Neil Young’s Music Rescue Mission (Video)

Viacom CEO Philippe Dauman on YouTube, SOPA and Breaking the Cable Bundle (Video)

The New Yorker’s David Remnick: Paper Magazines Are “Pretty Good Technology”

New Effort Hopes to Improve Software Security

comments so far. Add yours.

About Voices

News Subscribe to this section's RSS feed

Reviews Subscribe to this section's RSS feed

Mobile Subscribe to this section's RSS feed

Media Subscribe to this section's RSS feed

Enterprise Subscribe to this section's RSS feed

Commerce Subscribe to this section's RSS feed

Voices Subscribe to this section's RSS feed

Conferences Subscribe to this section's RSS feed

AllThingsD by Writer