Bridging the Gap between Software Development and Information Security

Kenneth R. van Wyk; Gary McGraw

doi:10.1109/MSP.2005.118

Security&Privacy
2005
Issue No. 5 - September/October
Abstract - Bridging the Gap between Software Development and Information Security

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Kenneth R. van Wyk Articles by Gary McGraw

Bridging the Gap between Software Development and Information Security

September/October 2005 (vol. 3 no. 5)

pp. 75-79

	ASCII Text	x
	Kenneth R. van Wyk, Gary McGraw, "Bridging the Gap between Software Development and Information Security," IEEE Security & Privacy, vol. 3, no. 5, pp. 75-79, September/October, 2005.

	BibTex	x
	@article{ 10.1109/MSP.2005.118, author = {Kenneth R. van Wyk and Gary McGraw}, title = {Bridging the Gap between Software Development and Information Security}, journal ={IEEE Security & Privacy}, volume = {3}, number = {5}, issn = {1540-7993}, year = {2005}, pages = {75-79}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2005.118}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Bridging the Gap between Software Development and Information Security IS - 5 SN - 1540-7993 SP75 EP79 EPD - 75-79 A1 - Kenneth R. van Wyk, A1 - Gary McGraw, PY - 2005 KW - building security in KW - BSI KW - infosec KW - softdev VL - 3 JA - IEEE Security & Privacy ER -

Kenneth R. van Wyk, Cigital and KRVW Associates

Gary McGraw, Cigital

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2005.118

Traditionally, software development efforts in large corporations have been about as far removed from information security as they were from human resources or any other business function. The disconnect between security and development has ultimately produced software development efforts that lack any sort of contemporary understanding of technical security risks. Today's complex and highly connected computing environments trigger myriad security concerns, so by blowing off the idea of security entirely, software builders virtually guarantee that their creations will have way too many security weaknesses that could--and should--have been avoided. This article presents some recommendations for solving this problem.

Index Terms:

building security in, BSI, infosec, softdev

Citation:

Kenneth R. van Wyk, Gary McGraw, "Bridging the Gap between Software Development and Information Security," IEEE Security & Privacy, vol. 3, no. 5, pp. 75-79, Sept.-Oct. 2005, doi:10.1109/MSP.2005.118

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.