April 08, 2004

Improving Security Across the Software Development Lifecycle

On the heels of Gary's take on Processes to Produce Secure Software, the National Cyber Security Partnership (NCSP) Task Force has drafted some secure code guidelines. The preliminary recommendations provide the first in-depth look at improving security across the software development lifecycle.

The NCSP Task Force report makes four key recommendations:

  • Improving the education of current and future software developers, including making security a core component of software and computing degree courses. This includes the development of a Software Security Certification Accreditation Program.
  • Developing best practices for putting security at the heart of the software design process.
  • Adopting a set of "Guiding Principles for Patch Management" to ensure patches are well-tested, small, localized, reversible and easy to install.
  • Adopting an "Incentives Framework" that policymakers, developers, companies and others can use to develop effective strategies and incentives for making software more secure.

It would be interesting to see a vendor-neutral Software Security Certification Accreditation Program. I am curious to see the course outline for that.

Posted by SilverStr at April 8, 2004 08:03 AM