State of the systems security

Bibliographic Details
Main Author: Bodden, Eric
Format: Conference Proceeding
Language: English
Description
Summary: Software-intensive systems are increasingly pervading our everyday lives. As they get more and more connected, this opens them up to far-reaching cyber attacks. Moreover, a recent study by the U.S. Department of Homeland Security shows that more than 90% of current cyber-attacks are enabled not by faulty crypto, networks or hardware but by application-level implementation vulnerabilities. I argue that those problems can only be resolved by the widespread introduction of a secure software development lifecycle (SDLC). In this technical briefing I explain where secure engineering currently fails in practice, and what software engineers can do if they want to make a positive impact in the field. I will do so by explaining major open challenges in the field, but also by resorting to success stories from the introduction of SDLCs in industry.
ISSN: 2574-1934
DOI: 10.1145/3183440.3183462