JISAR

Journal of Information Systems Applied Research

Volume 9

V9 N1 Pages 38-46

April 2016


Moving Beyond Coding: Why Secure Coding Should be Implemented


Mark Grover
IBM
Durham, NC 27709, USA

Jeffrey Cummings
University of North Carolina Wilmington
Wilmington, NC 28403, USA

Tom Janicki
University of North Carolina Wilmington
Wilmington, NC 28403, USA


Abstract: Consistently, malicious attacks through unpatched software continue to be one of the leading causes of security breaches year after year. Most attention has been placed on continuous patching to eliminate any security holes in existing software. However, as more devices continue to be connected (i.e., Internet of Things) and entire industries move to a connected environment (e.g. healthcare), closer attention needs to be placed on the development process, specifically implementing secure software development guidelines. In the following paper, we discuss the need for secure coding by first evaluating current data breaches caused by software flaws, followed by a history of secure coding. This is followed by a discussion of options available to developers for implementing secure coding. We finish by providing general recommendations for incorporating secure coding into current practices that could be adapted for both an organizational environment and higher education.

Keywords: software development, secure coding, development life-cycle, developer



Recommended Citation: Grover, M., Cummings, J., Janicki, T. (2016). Moving Beyond Coding: Why Secure Coding Should be Implemented. Journal of Information Systems Applied Research, 9(1) pp 38-46. http://jisar.org/2016-9/ ISSN: 1946-1836. (A preliminary version appears in The Proceedings of CONISAR 2015)