http://www.csoonline.com/article/467314/Who_Pushed_Vendors_Toward_Better_Security_ By Mary Ann Davidson CSO at Oracle Corp. CSO Online December 03, 2008 In the past five years, software assurance has moved from the theoretical to the practical, as more vendors disclose or are required to disclose their secure development practices if they are not actually trying to use these practices as competitive differentiators. The market shift has been led by critical customer segments as much or more so than by a vendor awakening. Customers are increasingly focused upon lifecycle security costs in part because unexpected security events have become a large and unpredictable part of organizations' IT budgets. Whether it's providing secure software configurations or disclosing secure development practices, the software landscape for vendors has shifted from "nobody will pay more for better security" to vying in Snow White contests to be the universal response to: "Mirror, Mirror on the wall, who is the most security-minded vendor of all?" Customer demand is changing the marketplace for secure software, a trend that will accelerate through purchasing power or by policies with the effect of regulation. The US federal government is a significant player in changing the security marketplace. Cost factors are leading to the increasing use of commercial off-the-shelf (COTS) software. In order to feel comfortable using COTS in critical systems, US federal agencies want more transparency regarding how, where and by whom the software they use is developed, in part to better assess risk, of which software security-worthiness is a large component. A number of US government agencies, including the Department of Defense (DOD), the National Security Agency (NSA), the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) are focused on software security. The Department of Homeland Security (DHS), for example, runs a software assurance forum where a broad tent of industry, academia and customers collaborate on better software development practices. Multiple DHS software assurance working groups have produced materials in areas as diverse as secure development practice, security metrics, acquisition and developer education. [...] _______________________________________________ Help InfoSecNews.org with a donation! http://www.infosecnews.org/donate.htmlReceived on Thu Dec 04 2008 - 01:37:20 PST
This archive was generated by hypermail 2.2.0 : Thu Dec 04 2008 - 01:49:45 PST