Posted by Synopsys Editorial Team on July 29, 2014
Given the recent run of high-profile vulnerabilities such as Heartbleed, many organizations are taking a critical look at their application security programs to determine whether what they are doing is enough. The reality is that many firms stick with traditional security practices that are incapable of finding deeper or more complex issues. A fundamental way organizations can improve their security program is by injecting security practices earlier in the SDLC: giving developers the training and tools to spot problems during development instead of in production. While engaging developers in the security process can lead to marked improvement, some argue that more drastic measures are necessary.

Dr. Gary McGraw on C
“Mostly, what I advocate is getting rid of C as a programming language.” “It’s important to realize some languages are better than others, and some software security techniques are better than others. Heartbleed was a particularly heinous piece of code, even from the perspective of understanding how it works.”
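To make concrete what McGraw is pointing at, here is an added example that is not part of the article and not OpenSSL's own code: a stripped-down C model of the TLS heartbeat handler whose missing bounds check was Heartbleed (CVE-2014-0160). A heartbeat record (RFC 6520) is one byte of type, a two-byte big-endian payload length, the payload, and at least 16 bytes of padding; the bug was trusting the peer-supplied length field instead of the length of the record actually received. The function names, the constructed "process memory" and the `SECRETKEY` marker are assumptions made for this demonstration. The vulnerable handler copies as many bytes as the length field claims; the hardened handler applies the same kind of check the OpenSSL fix added (claimed payload plus header and padding must fit inside the bytes received).

```c
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_PADDING = 16 };

/* Vulnerable shape: copies `payload` bytes from the record regardless of how
 * many bytes the peer actually sent. rec_len is never consulted. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                            unsigned char *out, size_t out_cap)
{
    (void)rec_len;                                    /* the bug: ignored */
    unsigned int payload = (rec[1] << 8) | rec[2];    /* peer-controlled */
    size_t resp_len = HB_HEADER + payload + HB_PADDING;
    if (resp_len > out_cap)
        return 0;                    /* only the response buffer is sized */
    out[0] = HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)payload;
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload);  /* over-read here */
    memset(out + HB_HEADER + payload, 0, HB_PADDING);   /* real code: random */
    return resp_len;
}

/* Hardened shape: the claimed payload, plus header and padding, must fit
 * inside the record that was received; otherwise the record is discarded. */
size_t heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                       unsigned char *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING)
        return 0;                                  /* too short to be valid */
    unsigned int payload = (rec[1] << 8) | rec[2];
    if (HB_HEADER + (size_t)payload + HB_PADDING > rec_len)
        return 0;                                  /* peer lied about length */
    size_t resp_len = HB_HEADER + payload + HB_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)payload;
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload);
    memset(out + HB_HEADER + payload, 0, HB_PADDING);
    return resp_len;
}

/* Constructed "process memory" (an assumption for the demo): a 21-byte
 * heartbeat request followed by bytes that are not part of the record,
 * standing in for whatever sat next to it on the heap. The request claims a
 * 32-byte payload but carries only 2 ("hi") plus the 16 bytes of padding.
 * Everything lives in one array so the over-read stays inside a single
 * allocation and the demo itself is well-defined C. */
#define MEM_LEN 64
#define REC_LEN (HB_HEADER + 2 + HB_PADDING)      /* 21 bytes actually sent */

static size_t build_memory(unsigned char *mem)
{
    memset(mem, 0, MEM_LEN);
    mem[0] = HB_REQUEST;
    mem[1] = 0x00; mem[2] = 0x20;                 /* claims 32-byte payload */
    mem[3] = 'h';  mem[4] = 'i';                  /* payload really sent */
    /* mem[5..20]: the 16 bytes of padding (zero here) */
    memcpy(mem + REC_LEN, "SECRETKEY", 9);        /* adjacent, unrelated data */
    return REC_LEN;
}

/* Returns 1 if the handler's response contains the adjacent secret. */
int leaks_secret(size_t (*handler)(const unsigned char *, size_t,
                                   unsigned char *, size_t))
{
    unsigned char mem[MEM_LEN], out[128];
    size_t rec_len = build_memory(mem);
    size_t n = handler(mem, rec_len, out, sizeof out);
    for (size_t i = 0; i + 9 <= n; i++)
        if (memcmp(out + i, "SECRETKEY", 9) == 0)
            return 1;
    return 0;
}

/* A well-formed request (claimed length matches what was sent) still gets a
 * response from the fixed handler: 3 + 2 + 16 = 21 bytes. */
size_t honest_request_response_len(void)
{
    unsigned char rec[REC_LEN] = { HB_REQUEST, 0x00, 0x02, 'h', 'i' };
    unsigned char out[128];
    return heartbeat_fixed(rec, sizeof rec, out, sizeof out);
}

int main(void)
{
    printf("vulnerable handler leaks adjacent memory: %s\n",
           leaks_secret(heartbeat_vulnerable) ? "yes" : "no");
    printf("fixed handler leaks adjacent memory: %s\n",
           leaks_secret(heartbeat_fixed) ? "yes" : "no");
    return 0;
}
```

Compile with `cc -Wall heartbeat.c && ./a.out`. One caveat worth noting: because the demo keeps the record and the "adjacent" bytes in a single array, AddressSanitizer will not flag the over-read here, whereas in the real bug the copy ran off the end of a heap allocation and into whatever the allocator had placed next to it. That is also why a length field the peer controls has to be checked against the bytes actually received before it is used as a copy count.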
To hear more from Dr. McGraw and other security experts on how to improve security from the development side, read the SD Times article "Security is front and center for developers."