Issue No.03 - May-June (2012 vol.10)
pp: 88-92
Eric Baize, EMC Corp.
ABSTRACT
Advanced persistent threats (APTs) are making technology providers reconsider their security assumptions for secure product development. This article suggests an industry roadmap for rethinking product security in the face of APTs. It also describes steps EMC has taken to implement this roadmap and strengthen its product development practices.
INDEX TERMS
advanced persistent threats, secure software, attack-resistant software, secure software development lifecycle, EMC, risk governance, BSIMM, SAFECode, computer security, APT
CITATION
Eric Baize, "Developing Secure Products in the Age of Advanced Persistent Threats", IEEE Security & Privacy, vol. 10, no. 3, pp. 88-92, May-June 2012, doi:10.1109/MSP.2012.65