Software Security in the Real World

 

Brian Chess

Chief Scientist

Fortify Software

 

Abstract

 

In recent years software security has gained significant interest in both academic circles and in the business community.  This presentation examines software security from an industrial perspective.  It looks at the origins of today's software security problems, the way that companies view software security, and the steps companies are taking to improve the security of the code they produce.  Topics include methods for achieving code quality versus methods for achieving code security, approaches to measuring security, and a host of other problems that are in need of good solutions.