ITNow – Secure Software

The following introduction was originally published in the Information Security section of the BCS ITNow Magazine, December 2011 issue (Volume 53, Issue 6), which was on the topic of Secure Software:

Welcome to Information Security Now (ISNOW) in its new home in ITNOW. Since security and IT are often inseparable neither should be ignored, says Gareth Niblett chair of BCS ISSG.

Some consider secure software an oxymoron, and history has many incidents that seem to support this position, writes Gareth Niblett, Chair of the ISSG.

Most of us depend on software in our work and lives, although we sometimes may not realise it, and secure, dependable and resilient software is required for many of the things we take for granted.

All too frequently we hear of major IT project failures, online services being unavailable, systems being configured incorrectly, crashing and so on. Sometimes it is simply an inconvenience; sometimes there are serious consequences. Loss of Facebook is (or should be) less disastrous than an incorrect radiation dosage.

With hundreds of thousands of apps out in the mobile marketplace, along with all the software (and malware) that can be installed on personal computers, what assurances do end users, and the organisations they might work in, have that the software is secure, respects their privacy and is available when needed?

Tier 1 risk
In 2010, the UK National Security Strategy identified 15 priority risks, including a Tier 1 risk of hostile attacks upon UK cyber space, potential shortcomings in the UK’s cyber infrastructure and the actions of cyber terrorists and criminals: reduction of this risk is inherently linked to improving software security, dependability and resilience.

The Software Security, Dependability and Resilience Initiative (SSDRI – http://www.ssdri.org.uk/), which is a UK public-private platform for making software better, may be one initiative that can help in this area.

The SSDRI evolved from a Technology Strategy Board and Centre for the Protection of National Infrastructure-sponsored Secure Software Development Partnership.

Secure software is a BCS Security Community of Expertise (SCoE) hot topic.

A PDF version of the magazine is available online to BCS members at:

https://wam.bcs.org/wam/sentinelcheck.exe?/20799/20802/20964/20967/pdf/dec11.pdf