It is week two of National Cyber Security Awareness Month (NCSAM). This week’s topic is “Secure Development of IT Products.”
So, what is involved in the secure development of IT products? Security is not something to be considered after a product has been engineered or software has been written. In fact, adding security after development can be costly. Despite all efforts to educate developers and product engineers, security is still not considered during the development phase. There have been studies conducted to determine the benefits of incorporating security in the development over bolting on security after development. (See below for reference article.)
Truth is, sometimes even with the best efforts to incorporate security in the development of hardware and software, there are occasional flaws found and exploited. Therefore, it is our advise that you make sure to keep software up-to-date with the latest patches, fixes, and versions, whenever possible. To make sure you are surfing safely, utilize tools to quickly analyze your computing device to make sure you’re running the latest browser and plug-ins. One such tool is BrowserCheck from Qualys. (Image to the right shows results from a quick scan.) This tool checks for most common plug-ins, office suites, OS versions, and browser versions to ensure you are running the latest software. Give it a try – it’s free – at: https://browsercheck.qualys.com.
Note for Java users: Although we would prefer that everyone run the latest version of Java, some software does not work with the newest releases of Java. If you need to use Java-based software, try using a different, dedicated, browser for applications that require Java. This way, you can disable Java on the browser you use for browsing the web and another, dedicated, browser that has Java enabled for use with the application(s). Just make sure that the separate, Java-dedicated browser is only used for the application that requires it to limit your exposure to potentially malicious Java software.
Reference: “Estimating Benefits from Investing in Secure Software Development”, from https://buildsecurityin.us-cert.gov/articles/knowledge/business-case-models/estimating-benefits-from-investing-in-secure-software-development.