Keynote speaker: Building Secure Software
How to Avoid Security Problems the Right Way

Gary McGraw, Cigital's Chief Technology Officer

What do wireless devices, cell phones, PDAs, browsers,
operating systems, network services, public key infrastructure,
and firewalls have in common? The answer is "software".
Software is everywhere, and it is not usually built to
be secure. This talk explains why the key to proactive
computer security is making software behave. With software
complexity growing alarmingly – the source code base for
Windows XP is 40 million lines – we have our work cut out
for us. Clearly, the penetrate-and-patch approach is non-optimal.
Even worse is bolting security mechanisms on as an
afterthought. Building software properly, both at the design
and implementation level, is a much better approach. This
talk covers some common software security risks, including
buffer overflows, race conditions, and random number
generation, and goes on to discuss essential guidelines for
building secure software. Applying a risk-driven approach
to software security that integrates analysis and risk
management throughout the software lifecycle is the key to
better computer security.