We’ve talked at length before about software security assurance and the role static analysis can play in ensuring code is written securely. We’ve got a bunch of great resources for anyone looking to dive into this particular aspect of software security:

- Summary of various secure coding standards, including links to specific checkers supported by Klocwork
- Free secure coding e-learning courses, including an intro to Microsoft’s secure development lifecycle
- A ‘buyer’s guide’ to selecting a static analysis tool as part of a secure coding program authored by a major payment software company

To build on this, next month our CTO, Gwyn Fisher, and the CTO of Security Innovation, Jason Taylor, will be hosting a talk that expands the discussion beyond secure coding strategies alone. Jason will be talking at length on how to build a threat model for software, in particular embedded software. Gwyn will then walk through how customers should be building their software with this threat model in mind – everything from code reviews to static analysis and testing strategies. I urge you to register for the webinar and check it out – there will be lots of good information being discussed.