Stories
Slash Boxes
Comments

SoylentNews is people

Lack of Secure Coding Called a National Security Threat

posted by Fnord666 on Wednesday May 22 2019, @10:44AM   Printer-friendly
from the software-security-is-not-an-aftermarket-accessory dept.

upstart writes:

Submitted via IRC for AnonymousLuser

Lack of Secure Coding Called a National Security Threat

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology, a cybersecurity think tank.

Rob Roy, an ICIT fellow who was co-author of the report, suggests in an interview with Information Security Media Group that an app standards body could play an important role in improving app security.

"If there were some objective standards put in place that all software would have to abide by, then we could start to make progress," Roy says. "It may just be that there needs to be an objective standard ... and a legislative mandate that requires a certain level of assurance to provide an assured product."

The "call to action" report, "Software Security Is National Security: Why the U.S. Must Replace Irresponsible Practices with a Culture of Institutionalized Security," discusses systemic issues with the software development landscape and what needs to be done to rectify the problem of negligent coding. But solving the problem won't be easy, given the problems of speed-to-market pressures and the sheer number of IoT devices being produced, the report notes.

[Ed Note - for those Soylentils that are software developers, does your company provide training/mentoring on how to develop secure software?]

Original Submission

 
This discussion has been archived. No new comments can be posted.
Lack of Secure Coding Called a National Security Threat | Log In/Create an Account | Top | 32 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Insightful) by Rupert Pupnick on Wednesday May 22 2019, @05:04PM (1 child)

    by Rupert Pupnick (7277) on Wednesday May 22 2019, @05:04PM (#846305) Journal

    Yes, I didn’t mean to suggest that money wouldn’t be spent, only that it won’t fund the organizations and businesses that have the expertise to address and fix the problem. Any money will go to a Blue Ribbon Expert Panel on Cybersecurity whose members will be appointed after a Nationwide Search [tm].

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Total Score:   2  

  • (Score: 2) by All Your Lawn Are Belong To Us on Thursday May 23 2019, @03:26PM

    by All Your Lawn Are Belong To Us (6553) on Thursday May 23 2019, @03:26PM (#846666) Journal

    Was going to comment last night. Figured you actually might have meant something like that, and well said.

    --
    This sig for rent.