AOH :: ISNQ5922.HTM

'Rugged Manifesto' promotes secure coding

'Rugged Manifesto' promotes secure coding
'Rugged Manifesto' promotes secure coding


http://www.networkworld.com/news/2010/020810-rugged-manifesto-secure-coding.html 

By Tim Greene
Network World
February 08, 2010

Three respected security professionals have issued a call for developers 
to learn and practice secure programming in an effort to reduce the 
number of exploits directed at applications.

Called the Rugged Manifesto, the document encourages developers to adopt 
characteristics that will lead them to write more secure applications. 
The three authors of the manifesto are Josh Corman, an analyst with The 
451 Group; David Rice, formerly with the National Security Agency and 
author of Geekonomics, a book about the real cost of insecure software; 
and Jeff Williams, the chairman of OWASP, an organization focused on Web 
application security. The trio announced the project at the SANS 
Institure AppSec Conferenc in San Francisco Monday.

The problem now, Corman says, is that developers write code assuming the 
only task is to make it perform a function. But that can lead to 
programs riddled with vulnerabilities that can in turn lead to economic 
damages, lost data and lost productivity. "We have to get to the mass of 
programmers who simply don't realize their code is being attacked and 
subverted by talented and persistent adversaries," he says. 

The three are trying to motivate developers to aspire to rugged ideals 
and to learn how their code can be more secure. It's a philosophy or 
value set accompanied by business cases showing why it makes economic 
sense to write rugged software rather than dealing later with the 
consequences of vulnerable software. 

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org

Site design & layout copyright © 1986- CodeGods