Developing Secure Products in the Age of Advanced Persistent Threats
May-June 2012 (vol. 10 no. 3)
pp. 88-92
Eric Baize, EMC Corp.
Advanced persistent threats (APTs) are making technology providers reconsider their security assumptions for secure product development. This article suggests an industry roadmap for rethinking product security in the face of APTs. It also describes steps EMC has taken to implement this roadmap and strengthen its product development practices.

Index Terms:
advanced persistent threats, secure software, attack-resistant software, secure software development lifecycle, EMC, risk governance, BSIMM, SAFECode, computer security, APT
Citation:
Eric Baize, "Developing Secure Products in the Age of Advanced Persistent Threats," IEEE Security & Privacy, vol. 10, no. 3, pp. 88-92, May-June 2012, doi:10.1109/MSP.2012.65