Lack of Secure Coding Called a National Security ThreatRob Roy Discusses New ICIT Report and the Need for a Coding Security Standard
The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology, a cybersecurity think tank.
Rob Roy, an ICIT fellow who was co-author of the report, suggests in an interview with Information Security Media Group that an app standards body could play an important role in improving app security.
"If there were some objective standards put in place that all software would have to abide by, then we could start to make progress," Roy says. "It may just be that there needs to be an objective standard ... and a legislative mandate that requires a certain level of assurance to provide an assured product."
The "call to action" report, "Software Security Is National Security: Why the U.S. Must Replace Irresponsible Practices with a Culture of Institutionalized Security," discusses systemic issues with the software development landscape and what needs to be done to rectify the problem of negligent coding. But solving the problem won't be easy, given the problems of speed-to-market pressures and the sheer number of IoT devices being produced, the report notes.
In this recent interview (see audio link below photo), Roy discusses:
- The motivation for developing this report;
- Today's biggest challenges in software security;
- A U.S. Department of Defense initiative to ensure secure coding;
- Recommendations for secure coding practices in all sectors.
Roy, a fellow at ICIT, is the chief technology officer of the U.S. public sector cybersecurity team at Micro Focus. For the last 10 years, he has been responsible for driving strategic cyber initiatives at the company. He joined Micro Focus through the merger of Hewlett Packard Enterprise Software and Micro Focus International.