
Security - News



08 / 2005
Selected for you by: TR - Tomáš Rosa, JP - Jaroslav Pinkava, PV - Pavel Vondruška, VK - Vlastimil Klíma

Secure software development - a management matter

A six-point strategy for organizations:
  • 1. Conduct a software audit. An audit will uncover and help prioritize existing security vulnerabilities and code quality issues.
  • 2. Implement a "stop the bleeding" plan. The plan, accomplished by deploying an extensible, rules-based "quality/security compiler," ensures that tactical issues are addressed and enforces proper coding practices in new development.
  • 3. Perform a more detailed in-process audit. The in-depth audit looks for design and architecture weaknesses and correlates them with known security vulnerabilities. The findings are used to help plan a strategic road map.
  • 4. Convert in-process audit findings into policy. The next step is to clean up "one-time fixes" and update a rules-based security compiler to include any new policy requirements.
  • 5. Measure improvement. To gauge the initiative's success, it is imperative to monitor the trends and results from implementing the new processes and tools.
  • 6. Manage iterations of improvements. This iterative process requires repeating Steps 3 through 5. The key is to streamline the change process based on priorities, starting with the highest priority weaknesses.
Source: http://www.computerworld.com/securitytopics/security/story/0,10801,104127,00.html
Author: JP
