By Tim Greene
February 08, 2010
Three respected security professionals have issued a call for developers
to learn and practice secure programming in an effort to reduce the
number of exploits directed at applications.
Called the Rugged Manifesto, the document encourages developers to adopt
characteristics that will lead them to write more secure applications.
The three authors of the manifesto are Josh Corman, an analyst with The
451 Group; David Rice, formerly with the National Security Agency and
author of Geekonomics, a book about the real cost of insecure software;
and Jeff Williams, the chairman of OWASP, an organization focused on Web
application security. The trio announced the project at the SANS
Institure AppSec Conferenc in San Francisco Monday.
The problem now, Corman says, is that developers write code assuming the
only task is to make it perform a function. But that can lead to
programs riddled with vulnerabilities that can in turn lead to economic
damages, lost data and lost productivity. "We have to get to the mass of
programmers who simply don't realize their code is being attacked and
subverted by talented and persistent adversaries," he says.
The three are trying to motivate developers to aspire to rugged ideals
and to learn how their code can be more secure. It's a philosophy or
value set accompanied by business cases showing why it makes economic
sense to write rugged software rather than dealing later with the
consequences of vulnerable software.
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News