DEVELOPING SECURE SOFTWARE

Transcription

1 DEVELOPING SECURE SOFTWARE A FOUNDATION FOR CLOUD AND IOT SECURITY Eric Senior Director, Product Security Office EMC Corporation Chairman of SAFECode CSA EMEA Congress November

2 ABOUT SAFECODE The Software Assurance Forum for Excellence in Code (SAFECode) is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. Howard A. Schmidt Executive Director Associate Members Autodesk Boeing Cigital Codenomicon Huawei NetApp SonaType Telecommunications Systems, Inc. VeraCode VMware 2

3 SOFTWARE RUNS ON NEW TYPES OF HARDWARE... 3

4 ...SAME SOFTWARE SECURITY PROBLEMS Law of Software Assurance All software has errors and a small subset of these errors result in software vulnerabilities 4

5 STRONGEST SECURITY TECHNOLOGIES DO NOT SUSTAIN INSECURE SOFTWARE Insecure Software Secure Communications 5

6 SECURE SOFTWARE IS A FOUNDATION FOR CLOUD AND IOT SECURITY ARCHITECTURES Cloud New consumption model New deployment model New trust boundaries Internet of Things New physical boundaries New device management model New privacy challenges Same Fundamental Practices for Secure Software Development Comprehensive and holistic Adapt to new threats and new models 6

7 SOFTWARE ASSURANCE STAKEHOLDERS Software Professional Technology Developer Technology Consumer Create the software directly or indirectly for the technology developer Leverage software to deliver products, applications or services to customers Buy or use the products / services delivered by the technology developer 7

8 THE SOFTWARE PROFESSIONAL CREATE THE SOFTWARE FOR THE TECHNOLOGY DEVELOPER Rapidly growing population 48% of software developers never received a degree in computer science (*) Graduates from colleges receive little to no security training SAFECode Principle: Awareness of software assurance is fundamental to software engineering proficiency. (*) Source: Stackoverflow 2015 Developer Survey 8

9 SAFECODE TRAINING RESOURCES & ACTION PLAN All Colleges & Universities Employers Technical training modules available online for free Include software assurance awareness in any software engineering curriculum Include requirements for software assurance skills in software engineering job postings Introduction to Cryptography Secure Memory Handling in C 101 Threat Modeling 101 Secure Java Programming 101 Cross Site Scripting (XSS) 101 Product Penetration Testing 101 Auth 101: A Passwords Backgrounder for Everyone DOH: Default, Obscure and Hidden Content for Everyone An Introduction to Windows Access Controls File Permissions 101: Linux and OS X Injections 101: SQL and Beyond CSRF 101: Cross Site Request Forgery for Everyone 9

10 THE TECHNOLOGY DEVELOPER LEVERAGE SOFTWARE TO DELIVER PRODUCTS OR SERVICES TO CUSTOMERS Subject to non-realistic software assurance expectations Required to adapt their software engineering processes and train their workforce Increasingly leverage open source software SAFECode Principle: Secure software development is an organizational commitment and a holistic process 10

11 FUNDAMENTAL PRACTICES FOR SECURE SOFTWARE DEVELOPMENT SAFECode Fundamental Practices for Secure Development Experts have converged on core set of secure development practices that can be applied across diverse development environments to improve software security Threat Modeling Use Least Privilege Implement Sandboxing Minimize Use of Unsafe String and Buffer Functions Validate Input and Output to Mitigate Common Vulnerabilities Use Robust Integer Operations for Dynamic Memory Allocations and Array Offsets Use Anti-Cross Site Scripting (XSS) Libraries Use Canonical Data Formats Avoid String Concatenation for Dynamic SQL Statements Eliminate Weak Cryptography Use Logging and Tracing Determine Attack Surface Use Appropriate Testing Tools Perform Fuzz / Robustness Testing Perform Penetration Testing Use a Current Compiler Toolset Use Static Analysis Tools 11

12 THE TECHNOLOGY CONSUMERS / BUYERS CONSUMES PRODUCTS OR SERVICES DELIVERED BY THE TECHNOLOGY DEVELOPER Need to manage technology risk Lack of broadly adopted standards to assess security of procured software Often use ad hoc and ineffective assessment methods SAFECode Principle: developers should work towards providing more transparency in software assurance processes and practices to help customers and other key stakeholders manage risk effectively. 12

13 SOFTWARE ASSURANCE ASSESSMENT TODAY TOO MANY AD HOC AND INEFFECTIVE APPROACHES Ineffective assessment methods Require suppliers to: Attest that no vulnerabilities exist in code Share product source code Share known vulnerabilities Adopt specific tools or coding standards Challenges for suppliers Ad hoc assessment are not scalable across customers Divert expert resources from more critical tasks Misalignment with realworld secure development practices 13

14 Low High SUPPLIER ASSESSMENT FRAMEWORK Supplier Software Assurance Maturity TO BE RELEASED: END OF NOVEMBER 2015 Vendor Process Review: 1. Secure development practices 2. Product security governance 3. Vulnerability response process International Standards: IEC/ISA (industrial automation and control products) ISO/IEC : 2011 (Application security) Software Testing Penetration testing or, Binary code analysis or, Network scanning International standards focused on the IT industry lack maturity or are not broadly adopted. Now Timeline for broad adoption Future 14

15 SOFTWARE ASSURANCE: TAKE ACTION NOW Software Professional Technology Developer Technology Consumer All: Leverage online training available Academia: Teach software assurance to all software engineering students Adopt a holistic proven software assurance process as a foundation to any security architecture Use standard-based framework to assess suppliers software assurance process 15

16 Blog: Eric 16