Sunday, June 10, 2007

IT Security in the Software Engineering Process

We don’t need to discuss about the significance of security in today’s world. Globalization and worldwide networking come with a lot of opportunities and might lead to more prosperity. But risks and issues must be addressed. We do see many threat vectors increasing. Many attacks are more sophisticated, very focused on a specific target and driven by high criminal energy. This is a big challenge for Serious Software Development. It is a misconception to understand IT Security as a compilation of appliances and components like firewalls, IDS or anti-malware. This is not enough! Security must be addressed very early in the development process, latest in the phase of requirement engineering. As a result, a security architecture that is professionally designed, implemented, put in place, enforced, and maintained must be expected. This process comprises a lot of activities: coding principles, security features, threat assessments, testing (and testing and testing) and many more. And, teams should strive for less complexity. I know, it’s easier said than done. But it is nearly impossible to „make a complex system secure“. Upcoming posts will cover this topic in more detail.

No comments: