Author Archives: Barry Derksen

Why is software at greater risk?

Software is everywhere. It runs your car. It controls your cell phone. Many products and services within both the public and private sectors are highly dependent on software to handle the sensitive data on which people’s privacy, livelihoods, health, and very lives depend. National security, and by extension citizens’ personal safety, relies on complex, interconnected software systems that in many cases use the uncontrolled Internet as their means for communicating

SSA webinar at ECP Jaarfestival

Securing software often requires complicated trade-offs between an organization's strategic choices and its security risks. The Framework Secure Software puts this consideration back where it belongs: with administrators, not with legal and technical staff. Two organizations explain how, together with software suppliers, they are once again taking responsibility for software security.

Date: Wednesday, November 18
Time: 3.45-4.25pm

What Is API Integration in the cloud?

While API integrations don’t get as much hype as a programming language or software framework might, they are just as important to the software development process. What is an API? An API is an application programming interface. APIs are a set of protocols that enable different software systems to connect and share data. For example, ask Siri or Google Assistant to play a song right now on your phone. There’s

Two popular approaches to build secure software: Lean and Agile

Lean and Agile are extremely popular approaches to building software. However, they’re sometimes used interchangeably with little to no regard for the differing origins and features of the methodologies. While the two are similar, and many software developers will conflate the two even in the professional field, knowing the differences between the two methodologies can be beneficial when deciding how you want to organize the actual processes that drive software

Importance of secure software in digital transformation

Whether or not you’ve heard of the term digital transformation, you can guarantee those around you have been talking about it since the 1990s, when the dot-com bubble was at full speed. Roughly 30 years later, worldwide spending on digital transformation initiatives amounts to over two trillion dollars as of 2019. Nowadays, the world is changing faster than you can imagine. With the rise of technologies like the internet

Framework Secure Software Controls

The framework consists of four phases: In the context phase, the software system is described along with its desired security properties and assumptions. This is the basis for the rest of the evaluation and will be part of the public audit report. The threats phase deals with identifying possible attacks against the software system and the associated mitigating measures against these threats. In the implementation phase, the code and configuration

Underpinning software security: the role of the EU cybersecurity certification framework

“The Dutch SSA (Secure Software Alliance) has defined a framework for secure software development intending to conform to all phases of the SDLC. It focuses on threat modeling as a prerequisite for secure software development.” The EU Agency for Cybersecurity publishes a study on existing approaches for secure software development and maintenance while highlighting aspects to be considered under the EU cybersecurity certification framework.

Secure Software Framework update

Pilots Framework

In 2019 the alliance started pilots to show and document what application of the framework means for software development processes and for the users of software. The results will be published in 2020.

Good Practices for Security of IoT

This ENISA study introduces good practices for IoT security, with a particular focus on software development guidelines for secure IoT products and services throughout their lifetime. Establishing secure development guidelines across the IoT ecosystem is a fundamental building block for IoT security. By providing good practices on how to secure the IoT software development process, this study tackles one aspect for achieving security by design, a key recommendation that was
