Software security has been, and continues to be, a top-line issue for most organisations. Yet software development teams still produce and deploy insecure code and applications, with serious consequences for their brand, their reputation and, of course, the finances of their customers and their own organisation.
So where can we draw the line? Where are the real truisms to be uncovered here? What are the indisputable industry axioms, tenets and best practices that we should all be aware of?
The following 'textual debate' is based on an original piece by Bola Rotibi CEng, who is research director of software development, delivery and lifecycle management for Creative Intellect Consulting Ltd.
We need to ask those involved in the software development, delivery and lifecycle management processes questions that can really expose and uncover the mechanics of their current practices. More importantly, we need to look at how they recognise and address the software security challenges presented by the variety of deployment platforms and application architectures in play today (e.g. web, mobile, virtualised desktops and production environments).
Essentially, we must look at how software security risks are identified and how much importance is placed on the governance, education and training process.
Software Security Survey: evolution of role, delivery and deployment
Fundamentally, the premise of our recent research survey and stream is to understand the security challenges facing software security architects, software developers and in general the software delivery team in building applications deploying to multiple runtime platforms and environments. This is especially necessary as an increasingly mobile user audience is accessing software applications in multiple ways (using multiple devices) with high expectations for engagement and experience.
Editor's note: This point should be reinforced to say that users demand a consistent experience across all these new devices (desktop, mobile, tablet PC - and let's add virtualised desktop in there too). The challenge here is that the responsibility for consistency across the application landscape falls at several feet, i.e. the architect who lays out the initial development model, the GUI designers who work on look and feel, and the programmers who build the mechanics. Ensuring consistency across these levels, then across devices, while still retaining security and application effectiveness and integrity - well, that's a tough call.
Our survey will address whether software security is handled better within certain industries, and why. What are the trigger points and drivers for actively engaging in, improving or evolving a software security strategy, and how important a role do tooling and automation play? These are important questions for determining how capable IT organisations are in dealing with software and application security effectively, now and in the future.
The answers will allow many interested parties to anticipate the gaps and holes that are currently preventing IT organisations from tackling software security appropriately and successfully. The report will also offer suggested strategies to improve an organisation's ability to do so in the light of evolving deployment environments and delivery models.
It is vital that software is developed correctly and effectively but also securely, not least because the alternative creates a barrier to future innovation and has a detrimental impact on the end user's overall experience and capacity to trust.
The survey is available here: http://www.surveymonkey.com/s/SecuritySurvey-CIC
All respondents will get a copy of the full report and will be entered into a draw to win a half day consulting session with Creative Intellect Consulting Ltd in the field of software delivery and application lifecycle management.