What is software security?

SINTEF INFOSEC

In the latest issue of The International Journal of Secure Software Engineering (IJSSE), the undersigned and Martin Gilje Jaatun were guest editors, and in that connection we wrote an introduction to make the term “software security” itself somewhat more tangible. The reason for writing about precisely this is that we find the term is often used in a very broad sense.

Excerpt: What is software security? It is still considered to be a relatively new field, just a little bit more than a decade old, though of course the wider field of computer security has a much longer history. Judging from the span of submissions that are submitted to our annual workshop on software security, we get the impression that some practitioners tend to put too much into this bag, such as cryptology, firewalls, access control models and trusted computing. So, let us try to narrow it down a bit. We argue that the art of software security is about making software systems robust and less exploitable without the needs for barriers in the operating system, hardware or surrounding networks. It should address critical software and your ordinary home applications alike, after all, most of the software that surrounds us is found on your everyday device, such as the laptop, TV or mobile phone, and these have not been set up with proper external protection. Our Holy Grail is that software security should be considered a self-evident quality aspect on par with absence of functional bugs. We hope that IJSSE will be of great help to those of us who seek this Grail.

The full introduction is openly available here, while the issue itself (IJSSE, volume 2, issue 4) or the individual articles can be ordered from the publisher.