In the early 2000s security began to receive serious attention in the IT community. This led to the birth of several methodologies for secure software development (notably Microsoft SDL) and many other forms of security advice: Top N lists of common vulnerabilities, secure coding guidelines, and many security frameworks and standards. Now that twenty years later the cry for more secure software has reached policy documents such as the US National Cybersecurity Strategy and the EU Cyber Resilience Act, this paper reflects on developments in the field of software security over these past two decades.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Two Decades of Secure Software Development: Shifting Left, Right and down

  • Erik Poll

摘要

In the early 2000s security began to receive serious attention in the IT community. This led to the birth of several methodologies for secure software development (notably Microsoft SDL) and many other forms of security advice: Top N lists of common vulnerabilities, secure coding guidelines, and many security frameworks and standards. Now that twenty years later the cry for more secure software has reached policy documents such as the US National Cybersecurity Strategy and the EU Cyber Resilience Act, this paper reflects on developments in the field of software security over these past two decades.