Call for Papers

Navigating the Jungle of Secure Coding Standards ( Vortrag )

Software Security is Becoming Increasingly Important

Referent: Michal Rozenau, Parasoft
Vortragsreihe: Implementierung II
Zeit: 04.12.18 14:45-15:25

Zielgruppe

sonstige Zielgruppe

Themenbereiche

Test & Qualitätssicherung, Software Engineering Management, Sichere Software

Schwerpunkt

sonstiger Schwerpunkt

Voraussetzungen

Expertenwissen

Kurzfassung

We live in a world where software can be found everywhere. Whether it is a plane, a car, a medical device, a mobile phone, a refrigerator, or a watch – it probably has some software in it. Software is an essential part of today’s businesses, whether for a bank or insurance company, an energy plant, or a traffic control system, and while it provides opportunities, it also brings risks. Potential security holes can be exploited to gain unprivileged access to important systems, whether that means a simple hack like turning off your lights when you don’t expect it, spying on you with your cameras, or emptying your bank accounts. For this reason, software security is becoming increasingly important.

Gliederung

Most organizations make some efforts to ensure the software they produce is safe and secure. Usually this is done in the form of black-box testing or penetration testing, which is great, and necessary, but an even better way is to produce more secure and reliable software in the first place. To do so, there is a large amount of information to tackle, including security coding standards (i.e. CERT Coding Standards, OWASP, CWE) and numerous domain-specific standards (i.e. MISRA, AUTOSAR Coding Guidelines, and a whole family of IEC 61508-based standards). It can be challenging to determine the set of coding standards that should be applied to a specific project, and it is even more challenging to do so in the middle of software development, when the already-existing software needs to suddenly be tuned to comply to such a standard.

Nutzen und Besonderheiten

In this presentation, we will shed light on the common domain-specific secure coding techniques and standards. We will explain their differences and commonalities and how they can complement each other. We will also present techniques for choosing the right set of coding standards to comply with, and describe techniques for dealing with a large number of violations when the coding standard is applied to the existing code base.

Über den Referenten

Michal Rozenau is a Project Lead Engineer at Parasoft. He finished his MSc studies in Computer Science at the AGH University of Science and Technology in Krakow in 2003. Since then, he gained software development experience using C, C++, Java and C# languages.He also specialized in applying Parasoft's products to use in the safety related applications complying to safety standards such as IEC 61508, ISO 26262, DO-178B/C, EN 50126.