DHS site offers security tools, tips for software developers

[InfoSec News <isn () c4i org>]

http://www.gcn.com/vol1_no1/daily-updates/37218-1.html

By Patience Wait 
GCN Staff
10/05/05 

The Homeland Security Department has launched a secure portal to
provide best practices, tools and other resources for creating more
reliable and secure software for developers and security
professionals.

The new Web site, Build Security In [1], was developed in conjunction
with the Carnegie Mellon Software Engineering Institute. It was
unveiled at a software assurance forum this week co-hosted by DHS and
the Defense Department.

The site takes a building-block approach, with content areas separated 
into different phases of the software development life cycle such as 
architecture and design, systems analysis and testing, and 
implementation. Within each area, articles are compiled discussing 
best practices for that particular aspect of software development. 

Andy Purdy, acting director of DHS' National Cyber Security Division, 
told forum participants that improving the security and reliability of 
software is a critical element in protecting the nation's 
infrastructure. 

Software assurance efforts have to "shift the paradigm from patch 
management to true software assurance," Purdy said. "Our objectives 
are to raise the awareness on software quality and security by 
improving software development and acquisition processes and 
practices."

[1] http://buildsecurityin.us-cert.gov/



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org