IBM Boosts Secure Development Practices

Focus is on making security an integral part of software, Web services, cloud, and portal development practices.

IBM this week announced multiple initiatives and software updates to help organizations build security into their software development practices, applications, Web services, cloud projects, and portals.

"As customers drive new Web-based services and portal initiatives, they must balance the growing need for exposing data with the ability to provide secure access to these critical resources on a need-to-know basis," the company said in a statement.

Accordingly, IBM updated Tivoli Access Manager to provide centralized authentication, policy management, and access control services for cloud, service-oriented architecture, portal, and Web application environments.

IBM also announced a new "Secure By Design" initiative, which combines a new IBM-developed framework for secure software engineering with source code security testing tools, source code scanning assessment services, and identity and access management capabilities.

From its acquisition of security vendor Ounce Labs, IBM also introduced a new Web application security tool, AppScan Source Edition, meant to help developers spot and remediate Web application vulnerabilities before code moves into beta or general release.

According to a study conducted last year by IBM researchers, Web applications accounted for 49% of all software vulnerabilities in the wild. For two-thirds of those vulnerabilities, however, no patch existed. Unfortunately, these vulnerabilities are often easily accessible to attackers, since the software runs online.

For years, software experts have known that the most cost-effective way to secure software is to specify security requirements at the start of a project and make security an integral part of the software development lifecycle. Historically, however, many software development houses -- driven by time-to-market or cost-control concerns -- have skimped on security planning, and when they do attempt to secure their software, they bolt security on after the fact, which costs more and is typically less effective.

But according to the Open Web Application Security Project, which tracks Web application vulnerabilities, many if not all of today's top vulnerabilities -- e.g., SQL injection, cross-site scripting attacks, broken session management, and failure to restrict URL access -- can be prevented simply by more rigorously designing and testing code, before the software ships.
