The Cyber Risk of Untrustworthy Software from the Globalization of Information Technology presented at AUScert 2007

by Andy Purdy,

Summary : The Cyber Risk of Untrustworthy Software from the Globalization of Information Technology
Globalization drives companies to pursue talent and lower costs wherever they are found in the world.
Market and business drivers encourage companies to move software production to the least expensive source.
The global nature of the software development industry has created concern over the security of networks and data and information that transverse or are stored on them.
The availability of access by sophisticated malicious actors - whether nation states or organized terrorist or criminal groups -- to software development and the software supply chain generally, poses significant security concerns.
Software offers an effective means for technical intelligence collection by a sophisticated adversaries
Tools and techniques for scanning software for accidental or maliciously inserted vulnerabilities are in adequate for effective detection and remediation.
To date, most development practices focus on improving performance not detecting such vulnerabilities.
Open architectures and reusing code can reduce costs, but do may increase risk
Will discuss best practices for software development, and current efforts by government and private industry to reduce the risks posed by untrustworthy software.