Cigital chief technology officer Gary McGraw and colleagues examined the secure software development practices of 30 companies to create the Building Security in Maturity Model (BSIMM), a measurement instrument that companies can use to assess and improve their own software security efforts. He says that one practice observed in all of the firms was having host and network security fundamentals, such as firewalls and a person responsible for network security, in place before starting work on software security.
McGraw describes most of the analyzed companies as doing a "reasonable" job in terms of software security, and he notes that consumers' desire for secure software is starting to make the jump from being an implicit demand to an explicit one. "I think consumers can and should begin to demand more secure software, to ask for some evidence that software is more secure, and to reward with their dollars those companies that are doing a better job," McGraw says.
He also says that more secure software is the only way we can make progress in computer security because it will limit the number of exploits available to hackers.
Abstracts Copyright © 2010 Information Inc., Bethesda, Maryland, USA