Abstract Details

9/27/2017  |   3:05 PM - 3:50 PM   |  Track 3 - Metrics

Tilting at Windmills: The Need to Reboot Software Development

SQL injection attacks first appeared in 1998, and yet in 2016 new software vulnerable to this attack is still being developed. New products, such as Internet of Things devices, are being sold with well-known insecure features, including default passwords and insecure communications protocols enabled by default. The fundamental reason poor and insecure code continues to be developed is that it is easier to develop poor, insecure code than it is to develop good-quality, secure code. To make a real difference, everyone involved in software development needs to know 'what right looks like'. That means good processes, good designs, good code, and good practices. A fundamental change in philosophy and direction by researchers, academics, language developers, and development tool vendors is needed so that it is harder to write poor code than to write good code. This presentation will discuss ways to make it easier and more cost-effective to develop good code than to continue developing poor code.

Andrew Murren (Primary Presenter), Sila Solutions Group, amurren@silasg.com
Andrew Murren, CISSP, CSSLP, is a Senior Cyber Security Engineer with Sila Solutions Group and has 20 years of experience in Information Security. He specializes in secure application development and secure networking. He has conducted and led source code reviews, security assessments, and audits of systems ranging from embedded devices for the Department of Defense to networks for multinational corporations. Andy is the chair of the Open Source Software Institute's (OSSI) Governance Committee, which is developing solutions and materials to help organizations manage Open Source Software. He is a member of several industry groups including IEEE, ACM, and ASQ. In 2013 Andy retired from the US Army Reserves as a Lieutenant Colonel. His last duty assignment was as a Planning Officer with US Cyber Command.

2017 Sponsors: IEEE and IEEE Computer Society