New Effort Hopes to Improve Software Security

It’s not much of a secret that a lot of software has security flaws. One reason is that there aren’t any real standards for designing secure software. In fact, the right way to secure programs is rarely discussed at all.

A new group is hoping to change that. Tech security company Fortify and security consulting firm Cigital are getting ready to release a set of best practices that tech companies and other businesses can follow to ensure that the software they develop is secure. The authors developed the model by studying the security practices at Google (GOOG), Microsoft (MSFT), Adobe (ADBE), and other tech companies, as well as nontech companies that write their own software like Wells Fargo, and Depository Trust & Clearing Corp.

“For most of the last decade security has taken place in secret,” says Brian Chess, chief scientist at Fortify. Even the most basic security information is usually held close to the vest for fear that bad guys could use it to compromise a system. The lack of transparency serves a purpose, but it comes at the expense of helping other companies improve the security of their software.

Read the rest of this post


Must-Reads from other Websites

Panos Mourdoukoutas

Why Apple Should Buy China’s Xiaomi

Paul Graham

What I Didn’t Say

Benjamin Bratton

We Need to Talk About TED

Mat Honan

I, Glasshole: My Year With Google Glass

Chris Ware

All Together Now

Corey S. Powell and Laurie Gwen Shapiro

The Sculpture on the Moon

About Voices

Along with original content and posts from across the Dow Jones network, this section of AllThingsD includes Must-Reads From Other Websites — pieces we’ve read, discussions we’ve followed, stuff we like. Six posts from external sites are included here each weekday, but we only run the headlines. We link to the original sites for the rest. These posts are explicitly labeled, so it’s clear that the content comes from other websites, and for clarity’s sake, all outside posts run against a pink background.

We also solicit original full-length posts and accept some unsolicited submissions.

Read more »