Secure Software Development Special Interest Group
Latest updates
This area contains all of the latest information about this group.
- Outputs from the group can be downloaded from the resources area.
- Further information about the group can be found below.
Date: 19/6/2008
The presentations from the Secure Software SIG Workshop that took place in May are now available to download from the Resources page. Thanks to all those who presented.
Date: 16/6/2008
The white paper launched at last week's KTN Annual Conference is now available to download. 'Software Security Failures: who should correct them and how' has been produced by the Secure Software Development Special Interest Group.
Date: 9/5/2008
To coincide with today's Secure Software Development Workshop, we are pleased to make available Bill Whyte's paper that examines the concern that computing undergraduates in England are not gaining a thorough understanding of security issues.
The Challenge
Modern software continues to contain inherent vulnerabilities, the exploitation of which can cause serious damage. This damage can be financial: the Technology Strategy Board Information Security Breaches Survey for 2006 reported that security breaches could be costing UK business £10bn every year. It also creates a lack of confidence and reduced uptake of eServices. In addition to the business losses, computers are now an everyday part of the lives of a large percentage of people, many of whom are ill-equipped to cope with security problems.
There has been a great deal of research into 'high integrity software' over the years, and there is considerable information publicly available about Secure Software Development (SSD). Perhaps the key question is why software is not developed with high levels of integrity, to help prevent security vulnerabilities being introduced into systems, when in many cases the knowledge of how to do it is available and has been for some time. The challenge is to understand what cost-effective tools, methodologies and business cases are required to enable the software industry to deliver commercial software with fewer vulnerabilities. The SIG will assess the principal barriers to SSD and make some recommendations as to how they can be addressed.
The Output
The SSD SIG plans to produce a white paper by June 2007 covering:
- The principal barriers to SSD within the UK;
- An overview of current SSD practice within the UK;
- Recommendations for action in order to facilitate SSD in the UK.
The Approach
The SIG will achieve this by gathering the views of key stakeholders on barriers such as cost, skills and market dynamics, and by studying, inter alia:
- SSD process model - frameworks for repeatable quality;
- Threat modelling - tools for automated threat modelling in relation to SSD;
- Vulnerability mapping - systematic approaches for remedial action in SSD;
- Current practice, from proprietary and open source.
The Secure Software Development SIG seeks membership from those in industry, academia and government who have an interest and expertise in SSD.
The Chair
The group Chairman is John Harrison.




