The Importance of Secure Programming
phelan-cortez -
"the cyber threat is one of the most serious economic and national security challenges we face as a nation"
and “America's economic prosperity in the 21st century will depend on cybersecurity.”
President Obama, www.whitehouse.gov
“The next Pearl Harbor we confront could very well be a cyber attack that cripples our grid, our security systems, our financial systems, our governmental systems.”
In 2013:
January 31: The New York Times and the Wall Street Journal revealed their respective websites had been the target of a well-coordinated hacking effort.
Feb 1: Hackers targeted Twitter, gaining “limited” access to around 250,000 user accounts, including “usernames, email addresses, session tokens and encrypted/salted versions of passwords”
Feb 4: “Energy Department Hit In The Most Dangerous Cyber Attack Yet”
Feb 6: “Federal Reserve Hit by Cyber Attack”
“Here a Hack, There a Hack, Everywhere a Cyber Attack”
“Super Bowl Blackout Wasn’t Caused by Cyberattack”
Software vulnerabilities
Vulnerability – weakness in the software
Estimated 1 to 7 defects per thousand lines of code
For a large system with millions of lines of code => thousands of vulnerabilities
Big Three
Three programming errors are responsible for 85% of vulnerabilities (SANS)
Buffer overflow - 23% increase
Integer overflow
Input validation
Software Security begins with education
It is our job to teach secure coding
“I think the most critically important part of delivering secure systems is raising awareness through security education.”
Bill Gates, Microsoft
“The ability to write secure code should be as fundamental to a university computer science undergraduate as basic literacy.”
Matt Bishop, UC Davis
“The first and foremost strategy for reducing security related coding flaws is to educate developers how to avoid creating vulnerable code.”
Robert C. Seacord, CERT
The current state of undergraduate security education…
• Security tracks
• Security classes
• Reaches only a subset of students
• Courses occur late in curriculum
• After students have learned fundamental coding and design
Too little, too late
Early and Often
Create a Security Mindset
Secure coding education in a perfect world …