Enterprise Software Security: A Confluence of Disciplines


Posted on by Ben Rothke

To date, most software security books have focused solely on writing secure code and educating developers on how to do that.

In Enterprise Software Security: A Confluence of Disciplines, authors Kenneth van Wyk, Mark Graff, Dan Peters and Diana Burley take a different, and ultimately necessary approach. Their tactic is that treating software security as an autonomous discipline doesn’t work. With is needed is, as the titles notes, a confluence, a process of merging two autonomous groups. In this case, those groups are software development security and network security.

ess

By having enterprise security interact with their software engineers and developers (which is in truth, not such a radical idea), the ability to fully protect software can be actualized.

The authors note that it is an imperative for these two groups to collaborate to ensure effective enterprise security. Obviously, just placing these two groups in a conference room and telling them to work security out is a method that is bound to fail. Hence, the book provides a holistic approach and method in which they can work together.

The book shows how this confluence will work throughout the entire software development lifecycle; from inception, design, implementation, testing, deployment, operation, to software maintenance and more.

As noted, this is not secure software guide, such as Robert Seacord’s superb CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems or Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs. Readers looking for detailed coding guidelines or ways to write secure code against the OWASP Top 10 won’t find it in this title.

What the book does offer is a method to enhance software security by ensuring those who are expected to create and maintain it, and support the platforms it runs on, play nicely. That act of having software development and enterprise security place nicely in the corporate IT word is not a trivial endeavor. With that, Enterprise Software Security: A Confluence of Disciplines details a timely approach on how to take this confluence, and make it work in an enterprise IT environment.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

Business Perspectives

risk management

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community