Author Topic: Best practices for software developers  (Read 1788 times)

Offline md

Best practices for software developers
« on: July 28, 2010, 10:04:12 PM »
Denim Group recommends 10 ways for software developers to interact more effectively with information security teams.

SAN ANTONIO, USA: Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risk with their existing software, provides guidance to software development teams looking to collaborate better with security teams.

Software development teams are constantly under pressure to release new software products on a timely basis. While security requirements are acknowledged as important, features and functionality are typically at the top of the priority list for new releases.

Given the increase in application level attacks, inclusion of security requirements will be a constant facet of software development efforts in the future.

The following list represents best practices Denim Group has observed in client environments where software development teams collaborate effectively with security teams:

1. Have at least one developer on the team who is able to speak in depth about security. Hire someone specifically for this purpose, or grow someone within the team.

2. Run all developers through some form of security awareness training.

3. Make a list of your applications with some of their characteristics, and share this list with your security team.

4. Use one of the freely available web proxies or application scanners to test one or two of your applications.

5. Download an easily attainable source code scanning tool, and run it against your code.

6. Benchmark your team against a software security maturity model, such as OpenSAMM.

7. Reach out to your security team with the results of your initial efforts. Take the initiative in order to encourage activity on your schedule.

8. Move any vulnerabilities that have been identified into your defect tracking system so they can be prioritized and systematically addressed.

9. Fix some of the vulnerabilities identified in your applications. Prove you are taking security seriously by picking a handful of the most critical vulnerabilities and fixing them.

10. Ask for input from the security team at the beginning of a new project or development effort.

“Proactively opening lines of communication between software developers and information security professionals will help ensure vulnerabilities are identified and fixed more quickly. This will help avoid business disruption and ultimately save organizations time and money,” said Dan Cornell, chief technology officer of Denim Group.

Offline nusrat-diu

Re: Best practices for software developers
« Reply #1 on: March 08, 2011, 05:32:47 PM »
"There are two ways of constructing a software design; one way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult."
- C. A. R. Hoare
Nusrat Jahan
Assistant Professor
Department of English
Daffodil International University