Software Development Standards Need To Be Addressed – Final Part

By Guest Blogger, Chris Bonatti, Consultant, IECA – Casper, Wyoming

So What Can Be Done?

As we said before about software development, the various forces of the federal government cannot fix this. We’re talking about software quality, which is reflected in the products of thousands of different companies worldwide. To make headway will require a paradigm shift in the way we develop and select software. As always, we can suggest some principles:

  • Make security an integral part of software projects, and formalize the security design process.
  • Avoid software that addresses overly broad requirements (follow the “keep it simple” scope rule).
  • Avoid “version churn” that introduces new software versions with new features, and often new bugs, faster than they can be patched.
  • Make security reputation and patching performance top selection criteria for software and libraries.
  • Favor software built using “safer” languages.
  • Establish a formal testing program, and include regression testing to ensure patch quality.
  • Employ software design & code quality reviews.
  • Avoid external library dependencies unless there is a compelling case and good functional fit.
  • Scrutinize library internals for code quality.
  • Actively monitor for security updates to libraries.
  • Patch and disclose software flaws promptly.
  • Use automated patch management where possible.


Register to Receive the Tech Joke of the Week!

This Week's Joke:

How many programmers does it take to change a light bulb?

None, it is a hardware problem!

More Posts: