Secure Software Development - Let's make it happen

Clairvoyance is a skill I’d be reluctant to claim, so perhaps there really are morphic fields out there that shape our common thinking. Either way, it seems that at the same time that I was posting my recent blog entry on software development standards, John Harrison was inviting me to join his Cyber Security KTN special interest group on Secure Software Development. For those of you interested in this area, there is a first meeting of this important group in London next Tuesday.

It’s a promising development looking to solve a serious problem. When was the last time you encountered a set of software development standards that required practitioners to evaluate risks, consider regulatory compliance, develop security architecture, implement secure coding standards and apply static and dynamic security testing? The answer is almost certainly never.

So what do we have to do to make it work? Not a lot. Just join forces and agree a new set of standards. And there is plenty of good stuff already out there. We just have to bring it together in a palatable form and demand that our software suppliers adopt it.