A task force of experts, academics, and government officials on Thursday rolled out its first round of recommendations for improving software security, noting that, among other things, developers need to adopt a set of patch management guidelines to guarantee that security fixes are thoroughly tested, reversible, and easy to install.
The task force -- one of five under the umbrella designation of the National Cyber Security Partnership -- came out of a security summit last December in Santa Clara, Calif., sponsored in part by the Department of Homeland Security. Like the others, it includes members from universities, the federal government, security consultants, think tanks, and the private sector, and is organized and managed by the Business Software Alliance, an association whose members make up a roll-call of technology's biggest brands, from Adobe and Apple to Microsoft and Macromedia.
Scott Charney, chief security strategist for Microsoft, was one of the group's two co-chairs, and noted the difficulty of ensuring that software is more secure. "Software security is a serious, long-term multifaceted problem that requires multiple solutions, and the application of resources through the development lifecycle," he said in a statement.
"If present trends continue, [security] could get much worse in the future," he added. "But there's no silver bullet for making software secure."
Even so, the group -- tagged with the long-winded title of Security Across the Software Development Cycle Task Force -- did have a number of ideas.