Two Decades of Secure Software Development: Shifting Left, Right and down
摘要
In the early 2000s security began to receive serious attention in the IT community. This led to the birth of several methodologies for secure software development (notably Microsoft SDL) and many other forms of security advice: Top N lists of common vulnerabilities, secure coding guidelines, and many security frameworks and standards. Now that twenty years later the cry for more secure software has reached policy documents such as the US National Cybersecurity Strategy and the EU Cyber Resilience Act, this paper reflects on developments in the field of software security over these past two decades.