Software Process

From CyberSecurity
Revision as of 06:35, 21 November 2005 by Leonarde (Whitepaper Proposal)

Whitepaper Proposal

Summary

Enterprises have concentrated on developing the most feature-rich applications in order to gain a competitive advantage in the marketplace. This approach has produced vulnerable code that falls prey to cyberterrorism and hacking, and that exposes the enterprise to the financial risk posed by privacy legislation and litigation. Development processes must change to improve the security and privacy of code. Recommendations for public policy as well as for software practices will be introduced.

Section 1: Factors Driving the Need for Changes to Modern Software Practices

Daryl Sterling: The first section will discuss the factors that have emerged and are driving the need for changing software practices. First among these factors is the emergence of the Internet and the attacks that it enables. The analysis will include, but not be limited to, the following attacks: buffer and integer overruns, cross-site scripting, SQL injection, etc., as well as problems with the patching lifecycle.
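As an added illustration of two of the attack classes named above (SQL injection and cross-site scripting), and not part of the original proposal, the following Python example places the vulnerable coding pattern beside its fix. The user table, the names and the payload strings are constructed for the example; the database is an in-memory SQLite instance so the code runs offline.

```python
import html
import sqlite3


def make_db():
    """Build a small in-memory user table (constructed sample data, not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.com", 1),
            ("bob", "bob@example.com", 0),
            ("o'brien", "obrien@example.com", 0),  # legitimate name containing a quote
        ],
    )
    return conn


def lookup_email_vulnerable(conn, name):
    """Builds the query by string concatenation: attacker-controlled text becomes SQL."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_email_safe(conn, name):
    """Parameterized query: the value is bound by the driver and never parsed as SQL."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def vulnerable_breaks_on(conn, name):
    """True if the concatenating version cannot even handle this input (e.g. an apostrophe)."""
    try:
        lookup_email_vulnerable(conn, name)
        return False
    except sqlite3.Error:
        return True


def greeting_vulnerable(name):
    """Reflects the name straight into HTML: a <script> tag in the name runs in the browser."""
    return "<p>Hello, " + name + "!</p>"


def greeting_safe(name):
    """Escapes <, >, &, and quotes so the name is rendered as text, not markup."""
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


# Classic payloads (constructed for the example).
SQLI_PAYLOAD = "x' OR '1'='1"
XSS_PAYLOAD = "<script>alert(1)</script>"


def demo():
    """Run each attack against the vulnerable and the hardened version and collect the results."""
    conn = make_db()
    return {
        "sqli_vulnerable": lookup_email_vulnerable(conn, SQLI_PAYLOAD),  # every row leaks
        "sqli_safe": lookup_email_safe(conn, SQLI_PAYLOAD),              # no user has that name
        "apostrophe_vulnerable_errors": vulnerable_breaks_on(conn, "o'brien"),
        "apostrophe_safe": lookup_email_safe(conn, "o'brien"),
        "xss_vulnerable": greeting_vulnerable(XSS_PAYLOAD),
        "xss_safe": greeting_safe(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The same concatenation bug that lets `x' OR '1'='1` dump the whole table also makes the application fail on an ordinary name such as `o'brien`, while the parameterized query handles both cases correctly; the fix is the same in any language and database driver that supports bound parameters.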

Section 2: Broken Software Practices

Eric Leonard: Section two will review the history of current software practices to show how we have arrived at the current security and privacy crisis. It will analyze the shortcomings and biases of current practices and how incentives need to change. Problems to be addressed include: the lack of security and software engineering training in universities, the hacking subculture, marketing- and feature-driven development, and software processes that leave little time for review and testing.

Section 3: Improved Software Processes

Chad Parry: Improvements to software processes will be addressed in section three. Various proposed changes will be discussed, including the tenets of the Microsoft Security Development Lifecycle (SDL). The proposed improvements will address each of the shortcomings identified in the previous sections.

Section 4: The Role of Public Policy Governing the Changes

Charistel Ticong: Section 4 will discuss public policy on computer protection and security, dating back to 1973 and the privacy and security concerns raised by storing personal medical records on computers. It will discuss how the benefits of computerization were weighed against the concern for the safety and reliability of storing personal information on computers (Privacy Rights Clearinghouse). Public policy must be updated in light of today's more complicated security landscape and more sophisticated hackers and cyberterrorists. The discussion will include the Code of Fair Information Practices, which consists of five clauses: openness, disclosure, secondary use, correction, and security. It will also cover legislation that affects corporate security and privacy policy (Sarbanes-Oxley, SB1386, etc.).