
26 - 28 February 2019 // Nuremberg, Germany

Session 31 - Software Engineering V - Software Design & Modeling

Design Security Into Your Code. Don't Just Hope to Remove Insecurity

Presentation language: English

If someone constructed a suspension bridge by guessing at steel cabling sizes and then loading the deck to see whether it collapsed, you would be unlikely to suggest that he was a great civil engineer. And if a lift manufacturer sized their motors by trying them to see whether they caught fire, you wouldn't expect their electrical engineers to win many awards. And yet these approaches are exactly analogous to how security-critical software developers often approach their work.

The development cycle for traditional security markets is a largely reactive one, where code is developed mostly on an informal, agile basis, with no risk mitigation and no coding guidelines. The resulting executables are then subjected to performance, penetration, load and functional tests in an attempt to find the vulnerabilities that almost certainly result. The hope, rather than the expectation, is that all issues will be found and the holes adequately plugged.

Safety-critical software development belongs to a different world, with a process that would be far more familiar to exponents of the more traditional engineering disciplines: a process that consists of defining requirements, creating a design to fulfil those requirements, developing a product that is true to the design, and then testing it to show that it is.

This paper will argue that, whether their product is safety-critical or not, it is time for security-critical software developers to embrace that same, sound engineering lifecycle. In doing so, it will compare and contrast the difference in focus between CERT C's application-centric approach to the detection of issues and MISRA's ethos of using design patterns to prevent their introduction. It will advocate the use of reactive penetration and load tests to prove that the product is sound, rather than to find out where it isn't.

In short, it will challenge secure software developers to embrace the concept that it is far better to design in security than to hope to remove insecurity.

Date: 01.03.2018
Time: 11:30 AM - 12:00 PM
Location: Conference Counter NCC Ost



Mark Pitchford

LDRA Limited

