1 / 16

The Importance of Secure Programming

The Importance of Secure Programming. "the cyber threat is one of the most serious economic and national security challenges we face as a nation" and “ America's economic prosperity in the 21st century will depend on cybersecurity.” President Obama, www.whitehouse.gov.

Télécharger la présentation

The Importance of Secure Programming

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The Importance of Secure Programming

  2. "the cyber threat is one of the most serious economic and national security challenges we face as a nation" and “America's economic prosperity in the 21st century will depend on cybersecurity.” President Obama, www.whitehouse.gov

  3. “The next Pearl Harbor we confrontcould very well be a cyber attack

  4. that cripples our grid

  5. our security systems

  6. our financial systems

  7. our governmental systems.”

  8. In 2013: • January 31: The New York Times and the Wall Street Journal revealed their respective websites had been the target of a well-coordinated hacking effort. • Feb 1: Hackers targeted Twitter, gaining “limited” access to around 250,000 user accounts, including “usernames, email addresses, session tokens and encrypted/salted versions of passwords” • Feb 4: “Energy Department Hit In The Most Dangerous Cyber Attack Yet” • Feb 6: “Federal Reserve Hit by Cyber Attack” • “Here a Hack, There a Hack, Everywhere a Cyber Attack” • “Super Bowl Blackout Wasn’t Caused by Cyberattack”

  9. Software vulnerabilities • Vulnerability – weakness in the software • Estimated 1 to 7 defects per thousand lines of code • For large system with millions of lines of code • => thousands of vulnerabilities

  10. Big Three Three programming errors are responsible for 85% of vulnerabilities (SANS) • Buffer overflow - 23% increase • Integer overflow • Input validation

  11. Software Security begins with education It is our job to teach secure coding

  12. “I think the most critically important part of delivering secure systems is raising awareness through security education.” Bill Gates, Microsoft

  13. “The ability to write secure code should be as fundamental to a university computer science undergraduate as basic literacy.” Matt Bishop, UC Davis

  14. “The first and foremost strategy for reducing securing related coding flaws is to educate developers how to avoid creating vulnerable code.” Robert C. Seacord, CERT

  15. The current state of undergraduate security education… • Security tracks • Security classes • Reaches only a subset of students • Courses occur late in curriculum • After students have learned fundamental coding and design Too little, too late

  16. Create a Security Mindset Early and Often Secure coding education in a perfect world …

More Related