Monday, August 04, 2008

Software Security Still An Increasing Threat

This is a nice short piece from CIO magazine about software security. The recommended coding and testing practices aren't new but, unfortunately, they're not practiced in many software shops.

Here's a sample from the article:

  • Training software developers to implement language-specific secure coding practices and ensuring their use;
  • Performing source-code review using static analysis and other types of code-analysis tools;
  • Understanding the differences between software security testing and traditional software testing, and reflecting these in the software test program;
  • Conducting risk-based security testing that exercises common mistakes, suspected software weaknesses and implemented approaches for mitigating risks to make sure they work and cannot be circumvented.

The article also emphasized performing an architectural risk analysis to assess the ability of the code to withstand security threats.
