Secure Software Design and Development
The idea of including a cybersecurity approach for software engineering is often scoffed at by software engineers because, let's face it, creating secure software requires a lot more work. However, it's no longer a nice-to-have, but rather a must have for organizations hoping to produce software that is profitable, useful, and secure. Insecure software in today's devices, such as cars, home automation, robotics, and other automated heavy machinery can put human lives at risk. Since the 1950's there has been a significant effort implementing safety engineering to prevent accidental injury or death to human lives, however, today cybersecurity engineering is just as critical as attackers can shut down electric grids, or interfere with a vehicle and cause an accident; a scenario which has caught the attention of federal agencies (National Highway Safety Administration, 2019).
A final project for a major component of a fictional Reporting and Alerts Engine for a larger supply chain management system, created by myself and my team during the Secure Software Design and Development course, took a lot of effort. However, the insights gained regarding cybersecurity threats against such a system are invaluable. The document required a test plan, testing and validation, regression testing methodologies, and verification and functional testing. These are all boring and unsexy tasks to software engineers, yet they make the engineering part of the process secure all early identification of problems to reduce long-term costs.
The best benefit of secure software development is that it reduces costs over the long term. Engineers can ensure management is aware of this benefit by identifying post-sale cost to remediate vulnerabilities or errors in software. This process often demonstrates that the short term investments are exponentially less than the long term costs to correct errors later in the software development lifecycle.
References
The idea of including a cybersecurity approach for software engineering is often scoffed at by software engineers because, let's face it, creating secure software requires a lot more work. However, it's no longer a nice-to-have, but rather a must have for organizations hoping to produce software that is profitable, useful, and secure. Insecure software in today's devices, such as cars, home automation, robotics, and other automated heavy machinery can put human lives at risk. Since the 1950's there has been a significant effort implementing safety engineering to prevent accidental injury or death to human lives, however, today cybersecurity engineering is just as critical as attackers can shut down electric grids, or interfere with a vehicle and cause an accident; a scenario which has caught the attention of federal agencies (National Highway Safety Administration, 2019).
A final project for a major component of a fictional Reporting and Alerts Engine for a larger supply chain management system, created by myself and my team during the Secure Software Design and Development course, took a lot of effort. However, the insights gained regarding cybersecurity threats against such a system are invaluable. The document required a test plan, testing and validation, regression testing methodologies, and verification and functional testing. These are all boring and unsexy tasks to software engineers, yet they make the engineering part of the process secure all early identification of problems to reduce long-term costs.
The best benefit of secure software development is that it reduces costs over the long term. Engineers can ensure management is aware of this benefit by identifying post-sale cost to remediate vulnerabilities or errors in software. This process often demonstrates that the short term investments are exponentially less than the long term costs to correct errors later in the software development lifecycle.
References
- National Highway Safety Administration. (2019, June 07). Vehicle Cybersecurity. Retrieved July 29, 2019, from https://www.nhtsa.gov/technology-innovation/vehicle-cybersecurity