Industrial Challenges of Secure Software Development

By Achim D. Brucker.

Developing secure software requires more than the definition of a process, i.e., a Secure Software Development Lifecycle. The successful implementation of a Secure Software Development Lifecycle relies on many factors, among them providing the right tools to developers that support them in writing secure and reliable code.

Based on SAP’s experience in the large-scale introduction of static code analysis tools as well as the use of dynamic (security) testing tools, I will discuss several challenges of secure development approaches in industry, such as finding the right balance between security requirements and development efforts or between the precision of a security analysis and its scalability.

Please cite this work as follows:
A. D. Brucker, “Industrial challenges of secure software development,” presented at the Seminar on road mapping cybersecurity research and innovation (NIS WG3/CAPITAL/CSP FORUM), Florence, Italy, Oct. 08, 2014. Author copy: http://logicalhacking.com/publications/talk-brucker-ssdl-challenges-2014/

BibTeX
@Unpublished{ talk:brucker:ssdl-challenges:2014,
  date              = {2014-10-08},
  title             = {Industrial Challenges of Secure Software Development},
  language          = {USenglish},
  slideshare        = {key/fD232sUZtYxuzE},
  slideshare_width  = {427},
  slideshare_height = {356},
  venue             = {Florence, Italy},
  author            = {Achim D. Brucker},
  eventtitle        = {Seminar on Road Mapping Cybersecurity Research and Innovation
                       (NIS WG3/CAPITAL/CSP FORUM)},
  abstract          = {Developing secure software requires more than the definition
                       of a process, i.e., a Secure Software Development Lifecycle.
                       The successful implementation of a Secure Software Development
                       Lifecycle relies on many factors, among them providing the
                       right tools to developers that support them in writing secure
                       and reliable code.
                       
                       Based on SAP's experience in the large-scale introduction of
                       static code analysis tools as well as the use of dynamic
                       (security) testing tools, I will discuss several challenges of
                       secure development approaches in industry, such as finding the
                       right balance between security requirements and development
                       efforts or between the precision of a security analysis
                       and its scalability.},
  areas             = {software},
  note              = {Author copy: \url{http://logicalhacking.com/publications/talk-brucker-ssdl-challenges-2014/}},
}