Thursday, May 15, 2008

Customers are Not Crash Test Dummies


An interesting Webinar on Security & Software Testing

Without comprehensive software testing, consumers are nothing more than crash test dummies. Many of today's cyber security issues stem from flaws that could largely have been tested away during the software development life-cycle but were not. Every flaw that escapes quality assurance practices has a high likelihood of causing significant costs to the end user.


Security today is part of quality assurance practices, or at least it should be. But in quality assurance, nothing is meaningful unless it can be measured. One of the arguments author David Rice makes in his book "Geekonomics" is the importance of making security visible in the marketplace, so that buyers can price their risk through some easy-to-comprehend metric. Before that can happen, at least the manufacturers of software have to understand the required metrics. In this talk, David touches on security metrics, their importance, and their use in software purchasing practices.


Fuzzing is about crash-testing your software yourself, instead of using consumers as crash test dummies: malformed and unexpected inputs are generated automatically and fed to the software, and any crash or hang is recorded as a defect to be fixed before release. Fuzzing is a compelling approach to eliminating a large class of cyber security problems. Fuzzing is not new; it has been used actively by the security community since the 1990s. What is new is how fuzzing is used in a business context: fuzzing is being employed as part of procurement criteria to compare the security and quality of software and thus influence purchasing decisions. Metrics in this field are still immature, but Ari Takanen will give a brief look at where we are today.
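To make the crash-testing idea concrete, here is a small mutation fuzzer. This is an added example written for this post, not code from the webinar or from either speaker. It assumes a constructed toy record format (a field count followed by length-prefixed fields), a deliberately fragile parser that trusts the lengths it reads, and a hardened parser that bounds-checks every read and rejects bad input with a documented ValueError. The fuzzer mutates a valid seed record, feeds each variant to a parser, and buckets crashes by exception type and the source line that raised it, which is the raw material for a metric such as "distinct crashes found per N test cases".

```python
import random
import traceback

# Constructed toy format for this example:
#   byte 0      : number of fields N
#   then N times: one length byte L followed by L bytes of payload
SEED = bytes([2, 3]) + b"abc" + bytes([2]) + b"xy"   # two fields: "abc", "xy"


def parse_record_fragile(data: bytes) -> list:
    """Deliberately fragile: trusts the count and length bytes it reads.
    A truncated or inflated record makes it index past the end of the data
    (the Python equivalent of an out-of-bounds read in C)."""
    fields = []
    n = data[0]                      # IndexError on an empty record
    pos = 1
    for _ in range(n):
        length = data[pos]           # IndexError if the record is truncated
        pos += 1
        fields.append(data[pos:pos + length])
        pos += length
    return fields


def parse_record_hardened(data: bytes) -> list:
    """Same format, every read bounds-checked; bad input is rejected with
    ValueError, which is the parser's documented failure mode."""
    if not data:
        raise ValueError("empty record")
    n = data[0]
    pos = 1
    fields = []
    for _ in range(n):
        if pos >= len(data):
            raise ValueError("truncated field header")
        length = data[pos]
        pos += 1
        if pos + length > len(data):
            raise ValueError("field length exceeds record")
        fields.append(data[pos:pos + length])
        pos += length
    if pos != len(data):
        raise ValueError("trailing bytes after last field")
    return fields


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: overwrite, truncate, insert, or boundary value."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:                       # overwrite a random byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1 and buf:                     # truncate at a random point
        del buf[rng.randrange(len(buf)):]
    elif choice == 2:                             # insert a random byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:                                     # plant a boundary value
        buf[rng.randrange(len(buf))] = rng.choice([0, 1, 0x7F, 0x80, 0xFF])
    return bytes(buf)


def fuzz(parser, seed: bytes, iterations: int, rng_seed: int = 1) -> dict:
    """Run `iterations` mutated inputs through `parser`.
    Returns {(exception type, function, line): first reproducing input}.
    ValueError is the documented rejection and is not counted as a crash."""
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parser(case)
        except ValueError:
            continue
        except Exception as exc:
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            bucket = (type(exc).__name__, frame.name, frame.lineno)
            crashes.setdefault(bucket, case)      # keep the first reproducer
    return crashes


if __name__ == "__main__":
    for parser in (parse_record_fragile, parse_record_hardened):
        found = fuzz(parser, SEED, 500)
        print(f"{parser.__name__}: {len(found)} distinct crash bucket(s)")
        for bucket, case in found.items():
            print("  ", bucket, case.hex())
```

Run as a script, the fragile parser reports IndexError buckets with the input that reproduces each, while the hardened parser reports none: the difference between the two numbers is exactly the kind of comparable figure the procurement use of fuzzing described above is after.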

Register for the Webinar
