Design security into your code. Don’t just hope for the best

2nd March 2018
Source: LDRA
Posted By : Joe Bush

If someone constructed a suspension bridge by guessing the steel cabling sizes required and then loading the deck to see whether it collapsed, you would be unlikely to suggest that he was a great civil engineer. And if a lift manufacturer sized their motors by trying them to see whether they caught fire, you wouldn’t expect their electrical engineers to win many awards.

And yet these approaches are exactly analogous to how security-critical software developers often approach their work.

The development cycle in traditional security markets is a largely reactive one: code is developed mostly on an informal, agile basis, with no risk mitigation and no coding guidelines. The resulting executables are then subjected to performance, penetration, load and functional tests in an attempt to find the vulnerabilities that almost certainly result. The hope, rather than the expectation, is that all issues will be found and the holes adequately plugged.

Safety-critical software development belongs to a different world, with a process that would be far more familiar to exponents of the more traditional engineering disciplines: defining requirements, creating a design to fulfil those requirements, developing a product that is true to the design, and then testing it to show that it is.

This paper argues that, whether their product is safety-critical or not, it is time for security-critical software developers to embrace that same, sound engineering lifecycle. In doing so, it compares and contrasts the difference in focus between CERT C's application-centric approach to the detection of issues and MISRA's ethos of using design patterns to prevent their introduction. It advocates the use of reactive penetration and load tests to prove that the product is sound, rather than to find out where it isn't.

In short, it challenges secure software developers to embrace the concept that it is far better to design in security rather than hope to remove insecurity.

A full LDRA white paper on designing in security from the beginning of a project can be downloaded below.
