|
|
|
IT Planner: 5 Steps to Secure Development
By: Darryl K. Taft
2008-03-14
Article Rating:  / 19
There are 0 user comments on this Network Security & Hardware story.
IT Planner: 5 Steps to Secure Development (
Page 1 of 4 ) Security should be top of mind before, during and after the development process.Experts agree that although absolute application security is nearly
impossible, there are key steps you should take to mitigate risk.
Step 1: Define the process
The first step is to define the process you're going to use to develop and measure the security of your software.
Software development has many phases, from requirements gathering
through design, development, testing and deployment. You must consider
how your existing processes must be augmented in every phase of
development to include security, said Ben Chelf, chief technology
officer at Coverity, a maker of static source code analysis tools.
"Defining the process includes thinking about coding standards for
your developers to avoid potentially dangerous code constructs;
thinking about how to design the system in a secure way so that there
is no unintended access, even in the case where the code itself is
bulletproof; and so on," Chelf said.
Security is not just something you can slap on at the end of the
process after the system is put together, Chelf added. That is too
late. With a good process in place that spans the entire software
development life cycle, you can set up checkpoints to measure and
verify that security is being addressed appropriately.
However, there is no single process that works for all organizations.
"The companies that I've seen as the most successful put together a
team of security experts to help define the processes and standards for
software development that occurs within the entity," Chelf said. "This
group should be seen as an enabler, not a slap on the wrist' to the
software development organization."
Eric Bidstrup, Microsoft's group program manager for Security
Engineering and Community, Trustworthy Computing, said it is important
to get management support for secure developmentno matter what.
"Ensure that you have absolute management support for building
secure software, including the ability to halt shipment of a product if
it doesn't meet your predefined, approved and documented specifications
for secure software development," Bidstrup said.
Indeed, accountability, priorities and buy-in need to be established before progress can be made on application security.
"Application security requires a partnership between security teams
and their development counterparts," said Mike Weider, director of
security solutions at IBM Rational. "Organizations need to place a
priority on this alongside building new features and meeting deadlines.
This applies for internally or externally developed applications.
Third-party developments and offshore companies need to be held
accountable for delivering secure code by building this into the legal
contracts."
Sebastian Holst, senior vice president of sales and marketing at
PreEmptive Solutions, also recommends a detailed inventory of the
existing IT environment.
"An organization must have an accurate inventory of what it has
developed and deployed and where those applications are being used, for
what purposes and by whom," Holst said.
The biggest problems come when organizations wait until the end of development to think about security, Weider added.
|
|
�������x}ks㶲*�Q3Co{lcX�Im"!1Eꐔ�O/Oon�|AK~$q2DFh4��$sW7-gB)ٟЧGo-z�Ij}͇@�Ae�zNULsJ�Զn�\7n[�3�P/� ��kL|A�შ��b�H ���%SjMA]k|f�{F}_f2F�7�\�3�Ѣ�gb�^P�$ȁ_MM9�J�D�֥��E!mG$oqX}:[R=2r3ݛX�BTu�K$�!1QcD�ȟ�}go^/ԡ�c�F 4-n�dd
vuH`Uƞfn�ڭa��䅠1FE��wC�HդN/IԈI�Z"[�;dTZ�w#6S!1�k%Rը>l@G,> H>1P?w�IV@ ��æ�Ӹ�/*! lV=�D�
=�~b[>49 �]�u~CoczV[u�7�]8!Yxi�WQԒ(�9ac�m S
��@2zz`N-2踞C\�eY7�Ͱ-&@6#M-jZUQ
b�kGΏ╻o[©̝
wQo_s\)(nsv#��lݹ�ڎ6ж켮k��C\�}nGk�9G$HcA~N~W&�R*��rP8%�|a�jL�@t:A�XsEF j+�n�k�MюR=2,g��f�VҘ�g�UUj,ǝ%?[�U&U}Yf0Zh�C�A+t?c[ˠzq}ں~\z}rڻ"I]xF4pg�
䏵Vups�O{:$~z>54�01\�]Z-$5#2weL�xy$Y.rk":�t !�Ow|�nr"GrI/]o"�{�$̛cM�|�ImdƩ�$��S'Gk__ӬZxka
4�+@_x0N�Dn�f4�M�s,e��g{0A�M)��61r���v!fBy;M)���z@@�ZR~nV(�U�S%EI7#DD�
v23~�B(��pHq��> z%�e1\Ӱu�irq���]7+De.
s5-wfzˢ�;\g8m7�-ҿ]{�0*>c]�g%",Q�qsuTSt*Zl:�?>J j�GExQ/+��rOMf[ԑplP)u�u~"
}0��ZG>�l~gԴ�HwP�?�:�pѦ�ޡ8�ݘZ����H/B4A�>
+���wGݺ~L�=��Wԇ5j`�I
�l"�]�LR}>l�8d�$n)s�s�Ln-�`A�c`���V��<� �2/?C_�n@�}S(�}�9��nȲc@L�dl{�ٚM�>�BX-;cL��� o¯.M(KG�hL©(9
QҋsM�i
���|k۬ ̙�>� .��z:Hp�0��ѿz��̞�nv(f;NrB@S*, H@gmdz7[�Oq)23f�$��,4�tOWݡ~��~M�kCG�h@�r6�ҁ~eXZ�@-��ĿU�ila7k��
�)P|M$"6X�Rvӱ��aY�l`cy!Csz
QIZ·u�!{j-j&O[_&�TYWӟ�LYVN9�MKϵ("�z�ln�'�l��phBJmH�w>u�-
cOѭ,��h8)4jkzF
���o�f`�׆ �K ؈Ü�ҵ�fsKw�EeI�Mip.ld>j '�[!B`VaN�g43aJ�[6 }~D>�ZB_a֚�?ΆRP�IO9&�_G5�k�^��ˣ6Wصm.2躢��Ʊ4st%ҵE�4���hDSkDb4"T2paLH�a03]�e�lqؼEoXqSc'��;�䊻��!`P�f�pu,Tn��]wbSIBn��E)'.�5 c�d��]Tz�@4`D� ��N>Lb�6Р����\�@�U.(L1�9�r�2b*X[�P�T�B$f�E�P��7`u0$POXL�+*�9O>pϟ��
sFWyUF�XH#yT+BZ=N�QQT*8+
:c*(Si95Cw<�8�C�A~f�-4,~QjCzMp`�>s�.�y >{�V�N0eC�>yL��F<|�˰"Uh|JZYPIb+�ģ#Y��V� W�MU���pn`w��y�~�t=t@X�qDG��L �ҀJ
^�ƙl)ba��J)?�~m"p[ԿA���XwA-~ʮO1"Q�e�voqi)D�kԃ13~�3b_@�UR�T^tZu^�ߜ]hDA�`��
Нv;#ؐCKAk1o 9q�>:(T�`mE{H^ac7U�[@o�F)�-ғ˓U�4
"bGIpR|9}-�>p)7poj-[zEnMsU-ny�F�x�w"�E@*ZZuK vp?n216<^uUJd|,4̩,F�lؤκVs�b,On?Z
ƆAFp5ز@�n,r_�"w�sԷйtNsl �}~rn�Af �D�|��8 F�`�մZ9kٝNC7E$�9PX��G[�HNo`n�~ͯI�7a%|�7[JI)�`uVDZ)~�9HG�]�.�2|Y_x1'�:*Cz)c��ʂ�Eo(SYmq'&F.�,ex.N3 ac>�/��i�)TGEXqkX�#=ϼ
+(U|d�y5�&Q�rEu�E
|&ŏh(Urmv=C~�=բ,�A���%UHU(V
�$�~�U;*h6Y+(#t�+^��ǽn�m.D<��[ �17�ʨTIV+�Gs;"ʊg�b|�q{q>'F{���l��j>gWՄθ�4;a,�XLd;ɲ�#X�I74c�ְ�S=#nƍj`.ӪV�$,: ���<7�d��}૨8pL\'e�M=J1z7{9�ճ"b{l:��+�m}:�#4�-�d�hhqo0u�ncB|I};]SzGsіX�K G�7�y!B�ç<'Uxi)q��o2�X�G3~�a̍�^Cچ��Wһj8`LRX5c-ɅHgZM⪱�=C٠l�G�<
ּVAv,3x\�/<[<,�Mw[�v1CZ=r�}E�_�gq�W��w$�tV���?Qw�p]9Qz AC~kM|3r~ioԕeL�0�>V8�;i?{i>8niim�U�zx
J}~Nl/t6�D(jyWa{w#WȪ̅S.ۋNg�S^q,<���&jwlǵ�4�Z;�=3����ӨO6;x1t?0G Of�x�fw9g; 9><��#P`-
֔I���i#ĠHZsMs ��_5��;as*|Z"�ZybVa���o�[1�$g�|o(8�N83{K�4�j�ZSW�ל7&/6o)�� \(o�.鿣i{\na��'x�0d\ڊ�}�aK~~�~/��,�Viug�.<8Nj2v!sUUT}\?,ɢ3�&V�н��{E�L�tΜ/KC�A|؆R
q)�Muu�tǗX�R=o;a�3<�ѧ,yqx
Ɏ$7^�P莎F�er��+,eB�Pt/pcԑY�z^�M�!ىc~�'�>t1tI~cˊ#X�e9Z�up N]V�
TEӒKH�!?RGLol[�;RX�Fޝ&11w}R�EHpf0e�ܒ���7 ��f��dB1��Y�~8��nDzH�`,O��f�%:HQ�}�'1b6:}q�U�]�Q�50|I�w8jB{.fe�xs�9�NS^�>v�1^(�4~�oG�U�{�OIoOӊF,�J3�VL2W!{RjbX�%�4�)Yz%.<�;8xqY17b�)ܒI}[g�*U�j)NxDJ�1"$_y.5Y���J%OtʹRbI_�]�>`�eݦ^0sg�2,֦�\�dG+J4Z)1Z���3^BfayBF ϭ{j3b���(!(�ޟoԵJVL$6eR@ R|OV#TTLk.U� S!l�핽xg�eXLt�=�q4/<_��XR�ĝ�BԔr,��#�\;0�9|�'!|�v2`��D�$hCޟiJ�btz&m�{Zu1w(ВJj}]�jOgT=n9�<.�1h=@61;�
`)*J�}�oI+�O�xV ""'Q�f&�}y-6}MRTz
=�Ox Xݖ��/6;�)p�=�ISj��Ψ��WM�67VfhM��sU�P�&vtH uD
T4�)rd8R(��4Z��]�RW����ǣRֵo�Ŋ�*�,�AI�0$!H"@ {6=BRί+�m��;J�%��|u$FA���Jj!(A�98�7b/Gh%u�[W}�oնK֒,a�k��j��a��DڜҩnБHkpgSJJ"O %��
2_.sw
�l� k
3��{14XIxi)�VƦ �
`I/�f8"RjBU5�#Xq>Qq0}tI�2 !i
\jz2q�O} LZĤ,9k�l`\ �MkͿͿͿx9J& I��knA�0g>>yb Zj{K4ߎ=$#1���i�#� ��Ҧj,T"%�4ޖ֒HPD��La�`�_H��4]vI6W1x�� H�%��c x Ti<-9ʜ�j�C��lN'xyن�KE�[Wݒ�^i�a�Ѡe^+j >^�4�,g;H`l�!L�<1Pe!M`]hx[ڋy�щ {�v|t>.oq�ӗha[#���9e;�].x�i`["l8BU�Ox nrêJ�`�ֵԟ�L�]tmnffQ0L�w�'�.�pH�h"K�g����w�t`�P)4w#gHp�:�f�aZ#x,Lj�f�J)��,Wr�$�%n�>b�;�#v15� +ly٫_r5f�Θsݶ+��WHf�Ze\r_|k��NB"�ޘy۫�B֚AmaN,d;15絙v�m{�ŷi�ө`�W۲:>�/<}>�dUokoc�t%Rk2ײ=1�elzC�`lï~�Joi��f#eĆlka+I�錃qlrG�
g3&e<�,l~ow'�=|��|b98\!O~{�פ�K|:Ϡ 8eS|Uxi/�^9�8;X8ִ̫�d=I^/�[(��{8R[o�xz1D1�H1շ0&3\ȝ�DkT60 �P�GߋځrU����!Uo|֊�[NیiΞCm�qA6�{a)�o{wlz�G7�¤�Yt'O|(�d�Q?C(p���dOc7
{[}� ��.�O5=�xa�ke�ѵ����k"Z�{�oK�b+]3? .kjc!�c��s�#|n�JA�roX�Cy}�rmz�Ex�}�gDp�vYr@Ym�Ӷ|�|��4>(C^PB^4��M=1I�^s9�ꚚrMo
@��~WTZ�C �O��]�c)~c�)�kh��xM
�B,pyCA���KfR��כJ4a}N"F drB.݀cbj�\1;^FtIkb�".˘xV@\Hk̘xt4�vlNz� ytNu-.b�*Z!Ѥ�F�,NGZj>k�ik�6j=!ɣ`5�?�%qvn&.m'h�zBRKo^@'�ܬTM$v
GܬsG܀�S�mQ�Na)?�18|"wdXx1J?d_j���4�R.gI*�A4�`]"�pR%268ZH+(%\�C;@ZՔV-`{�dE�ʆIq�>xsLR&"5랁I\�q':Rg�y祒V,T˩u~!qX*l E�L<\˚�],�6飏ji'�
1 m��~C9�g?�|r|P�s�z1߽Zכk}rP��ԟ �,��+^Rc"W6�!̀zf�'ܪ&-:s_ac�i*qwm[*{�yJ-h>#Թ<ʼ�?js{-s��+%g;+.��Yql[.04%�'S��9�ݱ�r*1<4�ŤɴiMh9!mF6(xl�ti
4&�{�tPxC�+p��S CR�,6$Ae�ȃ5T?�0Խ~�n�ZUJGȚXWc�t(J 1W� >�o�ɀ }
=r�t�&w�\9P{�k8�� ��Pm¼@B�)͆}o
,ӴiDLRO����wv\�ND!_K�_!0�V�8 sF@Yj$.G���P5�6��:iퟐ�srѾ�U�=<��Ġ��Lp@!�cȮ��}�ƣ0W�~�.9$�.+Ja 3��O�k:�|e1u��{�/F\oX|J7o9f�H� s�;K/xc?]]CRw.2OaD�p=S�["eR1��@Q>ɹ�gMNVBE<
,iM�����YC) Q?��cgp���bZ1Ř!b`%^r�{ž|'rt�|cЃ�\21Fnŷ~(�l�CX&��gGi>'c��;3DjaT���yU��E�t�03�W���
>C�(�~bJ MF� \�dqa�
.X`s��Y�ej��xp�Ƨ�x�}6?
wSܕa^� �b4�k;λ}-AG�,G71=�` ?vg.us
x\jH�B�$Ѕ:�y,@#!��9ω�k9�1��a]?Z/#}|AaP8�Z
��+z+U'I]UP)9CȮ�K�ƪZJWh'Чx8,4ꟉeK&JZ!
�`x�zNrdhz?[�X~@|�LBz،\�Sݹ�>`F�rڻ"MrznUr]y�4a[kp��\MqwsѾ\�rS˃��Sf&�E`9E22 �n)�C9mL6�Wd;πW𒈾(a�h,.6'tI�t�PJTَ��5�1o&Ll+�sB=VkԊkm9�Gj:ٙ%�Dgh�>1O�M��/G��*4}V0<;0�(�hO�uɀ.ڹFhR�s`+(\~�NmfQ>\���'P~�sA�?~O:YgsyktZ�_'�?t.2�N�?s�_s��fF7c|nF���͠o�͠O��]n�^d3(?@?2ʻP(������z_z��2?.ˌ2�g�g�7_?�}P9�9~3w
Y�{
_g
wɹN2!(ofY��NoT�8�\8_Je�YW@a uqQ^�}VV<_`ek��t.�rf�g{�%̭LП;'Vr]!,.5P�UZk�/Y3ݲ7�q m��
{}h}1Ɨ^ZG%/ZlR=� �AQQ.�
3l?V\[[,Oн�ۺ{'
Jݓs+z`Kc�1پWߕ\)ܲ�}:�s\ȜHǣiM@�A���(c#h6��cHO8_=\�Ga[�G4Q�6��q&�nC�7�}v#yb�ćAx�`�?&7S/.wpyk;ُϋGkw�յC5Af_b
5y?'OxVf:�gAݷfDV�)pF �Fo`��1z�I��Oa4D�=S�PN�M鍆�.h
ķ{�v]P7ma�I拑T.jZQo\)Uʹo俓+$2^�����z@0u@MjJ]N�mJT�L��3BA�zG�
�l]{ۦJ�̾ZCO�3CX)ḃ}̺l-�Ck(��x�Xx]cE�|�_,mRfp�0l{|y�gM~
o2P�e ��S��b�b�{ˈTbTbJxGo-w�-_`鴍c��6�%bn�1v��u¿O.'p&^�ӄ�w�Y!DӼ�f�z4}�z<8�JN)Ib|+3}.Շoϓ 0 lJ//ӡx�CK�Q,V�2��5t0=_2nu�'�*F'B;Nԯ�ɱz?_b�s��R:=fG.^"�(�luy5M2�t�4s�S2H��E�VLݘ��w��`zo�[��I��փM�#dK0��}98�v͘6%*�)m&�Ĵ�j��G[[wz`L�,i_cErl��Gu�ZCQ��%N5"fGU;/n5kxM.,|*(䍧Z1�t1�o6Nώ{;[;5ٵkQݍ;S3ixR
��Hn2--g2!?cI]Id<���b�vr(�pIi/�1S\*]~)B��m`Z(>/A>=7��yC͞�fsH�!L�&lʗ�[l,��)1 {㙚$z��o��9/�F{xrh݅r�&�S)�6�Y`_GFbЗ��+&:�Up6�e4uhB�
. q3�DN焽�H�aC4�:e�ԦE\F���~��C�
>1q?N@U}�#�1,��X�K؍@�؏k~ȪsL��ALH\��?w._M$Cb9G8]!
""_S�a�nhy>ⲁe":�`S
h�9�v�3T:�9���A&{� <�ZQYɶ��z
Kd2֭��kc'p�g!MX���;Oulם8G�
�d��9a7t.�I|�nHHU֧f2{M;:�-����57b�([|
ӽ��i!zQ�ˬ`K��쒧�~���0qGĶ2C|R0Upv�Rv������?93ϭ69~gs�g_(L��WKW�>�ok3��+o[t-(�5x2[n�6_l˟�~HϱI�5�"`�:#Vڕ+zYL�n2?Zb�@�Jܓ�� >D73Tt�
�`GY�u`Kr
8ǩk[mx{����w}�uke!.��,0�:7�f˟]챾Wqٮ�7G,cӰ+`�j��7E]EtA<;=��=��v�{�����s�bcΜ67tU �
�ᘭ��=f_q�x�N|L/�ع9u�et�g)d̅2 !δ^xyu~ҕ�^�)If`cQd+8*)�ؐ��r���m5'0X�1'(��N�R�Qv7�`�N*)As�a#Dl���;ApV7�.]2�8LgѸ�g`#V+-5%ӫr&�x{e��7�5w�SF
�#y���=��`5>gvC�%�=wڲ �r7um�r�?19�&rX�>�Ō6�s~�ȝgz�^|j3�]x�
O�0gW�PэX�-f�1%Dv88)ҡCC^B
>eS1#7@n0\|H
d[\O^مt�3�\j��/�YH~>����r*r*]x�D4�Nb��ә�_yfϸ���W����aMd�?r^�k/o
X�ib 6/<|;�X�Yx(~�']f(FRq�O\||<��)>b3u㆗�7O~xtђ6�EKB]i��B"E�wl:���a(�]\}!l4{n_1���?ZsˬZY$I#;ov[M1�uc*aRSV}p0v.b(1lS2G4K�_jj*Jl�xTɉY+z[7N#�f[hh
/b�;f�1Բ�D��,��
|
Network Security & Hardware 
