22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2014), November 16–21, 2014, Hong Kong, China

Engineering Secure Software: On The Many Ways You Should Be Breaking Your Product
Tutorial
Hall 1
Andy Meneely (RIT)
Abstract: Security is a tough reality for software engineers today. Software products that are maliciously abused can undermine the many activities of our modern, digital world. The software that we depend upon must be secure, or we are at risk not just as “users”, but as consumers, patients, and citizens. The daily grind for a software engineer is already heavy: understanding customer requirements, collaborating in large teams, learning new technologies, fixing bugs, and delivering new features on time. All of these activities involve a mindset of “building” software, yet security is about “breaking” software. To a customer, software is supposed to transparently improve their lives. To a malicious hacker, software is an opportunity to abuse functionality for malicious gain. As a result, software engineers must maintain both the “builder” mindset as well as the “breaker” mindset throughout the software-development lifecycle. In this tutorial, we will examine how security can be integrated into each step of the software-development lifecycle. We will also discuss recent trends in Engineering Secure Software, such as evidence-based engineering of secure software and the effects of catastrophic vulnerabilities such as Heartbleed.

Time stamp: 2019-07-21T20:56:09+02:00