How can an organization build secure programming into the application development process?
Failure to define clear and detailed security requirements is one of the most common issues in the security assurance process. Organizations should establish secure programming requirements and standards even in the absence of mandatory, or even generally accepted, standards for system and program security. Millions of references to secure programming standards are available via a Web search; refining the search and discovery techniques will help identify the secure programming practices and techniques most applicable to the organization and its objectives. Organizations should also ensure that all developers are trained in secure programming, and that programming guidelines and standard libraries that use security functions are established. Finally, supporting tools and technologies need to be put in place to identify and diagnose vulnerabilities.