New Effort Hopes to Improve Software Security
It’s not much of a secret that a lot of software has security flaws. One reason is that there aren’t any real standards for designing secure software. In fact, the right way to secure programs is rarely discussed at all.
A new group is hoping to change that. Tech security company Fortify and security consulting firm Cigital are getting ready to release a set of best practices that tech companies and other businesses can follow to ensure that the software they develop is secure. The authors developed the model by studying the security practices at Google (GOOG), Microsoft (MSFT), Adobe (ADBE), and other tech companies, as well as nontech companies that write their own software, like Wells Fargo and Depository Trust & Clearing Corp.
“For most of the last decade security has taken place in secret,” says Brian Chess, chief scientist at Fortify. Even the most basic security information is usually held close to the vest for fear that bad guys could use it to compromise a system. The lack of transparency serves a purpose, but it comes at the expense of helping other companies improve the security of their software.