Cloud Computing: The time is now. Security Development Must be a Priority for Everyone

May 14, 2013, by David

Grazed from TechNet. Author: Steve Lipner.

Today marks the first day of the Security Development Conference 2013. Security professionals from companies, government agencies and academic institutions have traveled from all over the world to learn, network and share proven security development practices that can reduce an organization’s risk. As I sit here waiting for Scott Charney to take the stage, I am reminded that it’s been almost a decade since Microsoft implemented its Security Development Lifecycle (SDL). So much has changed in that time.

In the past decade, Internet usage has gone from roughly 350 million people online to more than 2.4 billion. Today there are more opportunities than ever before for developers. Windows 8 is still relatively new, the cloud is in its early stages of adoption and there has been an explosion in new mobile devices and platforms. While the Internet has created many new opportunities and ways to do business, it has also spawned a digital underground for online crime. Security breaches that have financial consequences or lead to intellectual property loss, website defacement or espionage have become a reality in today’s computing landscape…

Many of the developers I talk with generally recognize the importance of security development. Despite this, the evidence suggests that the vast majority of organizations still have not adopted security development as a fundamental professional discipline. Microsoft recently surveyed over 2200 IT professionals and 490 developers worldwide. The survey found that only 37 percent of IT professionals cited their organizations as building their products and services with security in mind. Furthermore, 61 percent of developers were not taking advantage of mitigation technologies that already exist such as ASLR, SEHOP and DEP. These mitigations have been freely available to the industry for years and are often simple additions to existing development practices–and yet only a minority of developers are leveraging them. This is concerning to me and it should be concerning to everyone who uses the Internet…

Read more from the source @ http://blogs.technet.com/b/trustworthycomputing/archive/2013/05/14/security-development-conference-2013.aspx