Building More Secure Software
Generally we think of security as an operational IT issue focused on defending our computers and networks from attackers and from security breaches; or we think of security as information security, concerned with protecting information in digital form. But what is software security, and how is it different from IT or information security?
In a nutshell, the objective of software security is to build better, defect-free software. Typical software has many defects, and those defects tend to be the source of security vulnerabilities in our operational systems and networks. So another way to think about software security is developing software that is more able to resist attack, and that, in the face of a successful attack, is better able to tolerate it and recover from it as quickly as possible.
This column is based on a podcast recorded with Julia Allen and posted to CERT’s Podcast Series: Security for Business Leaders.