Why Does Software Security Matter?
We're entering a world where software makes up a great deal of our daily lives. Software is a critical part of both the "actually useful" and the trivial and fun stuff in our lives.
Nevertheless, in both cases we'd like to be assured of certain things: that a life-saving thing like the brakes of our car, or the control unit of an elevator, or the software used by air traffic controllers (ATC personnel).
What on earth is this?
I thought really deeply about what is the one subject that has persisted throughout the years I've been involved with computers and programming. And it's software security.
Following my heart, I started ploughing through the rubble and making my way towards also graduating in this field.
I've already been involved in the software industry for years, and have thus had insight into teams, personalities, attitudes, and processes. I can tell that there are quite few (really, few) places where software security has actively been the topic of any weekly discussions, apart from as a kind of "pastime", heard from the news, as if security was an outside thing; a random occurrence like burglary or mugging.
The Two Questions
Security is elusive, and its defects are not always just a matter of conscious oversight or putting a project on too tight a schedule or budget. For that reason, one of the key problems I have to solve is getting a multiplicity of projects to oversee, for proper research data to evolve. I want to look into and possibly answer two questions:
1. Can secure programming be fun and adopted as a persistent style?
2. Can a secure programming habit be adopted team-wide and kept effective?