Secure Programming Practices in the Times of Viruses and Malicious Code

We at Telecommand are pleased to invite your team to a complimentary half-day lecture entitled “Secure Programming Practices in the Times of Viruses and Malicious Code” on Wednesday the 28th March 2007 at 9:00 AM at Radisson Hotel of Sacramento located at  500 Leisure Lane, Sacramento CA 95815. The lecture is targeted at the application developers or you can look at the list of series of lectures on our site at http://www.telecommand.com.

Most of us continue to think of Internet security as the responsibility of the network administrators and in terms of Firewalls and VPN (Virtual Private Network). As a result most of the organizations have become like eggs with hard exterior and soft interior. The “soft interior” is made up mostly of the systems, which either custom developed or bought off the shelf.  Organizations can no longer afford to have the “soft interior”. Thanks to the proliferation spywares, even the applications which are not supposed to be on the network, are on the Intranet can become launching pad for attacks on crucial networked resources. That makes it important that each and every application is inherently secure and resistant to attacks from any source.

Please contact me at ritesh.saxena@telecommand.com or to reserve your place.

Software security—the idea of engineering software so that it continues to function correctly under any malicious attack "any program, no matter how innocuous it seems, can harbor security holes". It is a continual process, requiring first an understanding of the issues, and then incorporating design, coding, testing, and deployment into the software development lifecycle. A research reveals there's a new Windows virus every four hours. Perhaps 15% of all desktop machines are running malware of some sort.”

Any program, no matter how innocuous it seems, can harbor security holes. "Internet-enabled software, especially custom applications that use the Web, is sadly a common target for attack. There is a clear and pressing need to change the way we approach computer security and to develop a disciplined approach to software security. An attacker no longer needs physical access to a system to exploit vulnerable software; and today, software security problems can shut down banking services and airlines.

Software security is about risks and how to manage them. Good software security practice leverages good software engineering practice and involves thinking about security early in the software life cycle, knowing and understanding common problems (including language-based flaws and pitfalls), designing for security, and subjecting all software artifacts to thorough objective risk analyses and testing. Now that software is networked by default, software security is no longer a luxury—it's a necessity.

Current trends in enterprise architecture make connectivity problems more problematic than ever before. An extensible architecture makes it easy to satisfy both demands by allowing the base application code to be shipped early, with later feature extensions shipped as needed. A Risk Management Framework is designed to manage software-induced business risks and takes care of the potential damage that can occur as a very high risk is not only likely to happen but also likely to cause great harm.

The past events—terrorist attacks to a number of malicious and highly publicized computer viruses—reminded every one of us how important it is to ensure the integrity and security of our critical infrastructure, whether it's the airlines or computer systems. The problem is that vulnerabilities in the software let malicious hackers skirt standard security technologies with impunity. Running a secure network could become easier and more cost effective.

Telecommand is at your service for gathering, encapsulating, and sharing security knowledge that can be used to provide a solid foundation for your software security practices. We have done a great job of having teams work around the clock to deliver security fixes for any problems that arise. Our new design approaches dramatically reduce the number of such issues that come up in the software. In the past, we've made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. So now, when we face a choice between adding features and resolving security issues, we choose security.