
Application software is always going to contain flaws. The
trick is to catch the mistakes as early as possible, by building
security into the entire software development life cycle
(SDLC), writes Peter Wood of the ISACA Conference
Committee and founder of First Base Technologies.
Vendors that have formal security standards for coding, for
example based on the OWASP methodology for web developers, stand a
much better chance of releasing secure software.
Regular testing throughout the development cycle is also
critical, as is independent testing prior to release.
Potential customers should seek assurance from vendors that their
developers have been trained in good security practice, that they
have formal security checks in place throughout the SDLC, and that
they engage independent security testers before releasing product
to their customers.