Visible to the public Biblio

Filters: Author is Tobin, W.  [Clear All Filters]
2018-02-02
Whitmore, J., Tobin, W..  2017.  Improving Attention to Security in Software Design with Analytics and Cognitive Techniques. 2017 IEEE Cybersecurity Development (SecDev). :16–21.

There is widening chasm between the ease of creating software and difficulty of "building security in". This paper reviews the approach, the findings and recent experiments from a seven-year effort to enable consistency across a large, diverse development organization and software portfolio via policies, guidance, automated tools and services. Experience shows that developing secure software is an elusive goal for most. It requires every team to know and apply a wide range of security knowledge in the context of what software is being built, how the software will be used, and the projected threats in the environment where the software will operate. The drive for better outcomes for secure development and increased developer productivity led to experiments to augment developer knowledge and eventually realize the goal of "building the right security in".