CSIAC

Cyber Security and Information Systems Information Analysis Center

The CSIAC Podcast - 5 Best Practices for Software Security

Posted: 11/25/2019 | Presenter: Farhat Shah

Notice: This podcast video may contain personal or third-party views and opinions not associated with the government.
Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/

As software becomes more complex, it is critical to incorporate security from the very inception of the system rather than as an afterthought. With rapid shifts in technology and increasingly sophisticated threats, cybersecurity considerations are a critical factor, especially for systems that rely on decades-old software applications still in operation because of specific mission criticalities. These highly complex systems, with millions of lines of software code, become progressively more difficult to maintain over time due to software and hardware security obsolescence. An argument in favor of software assurance lies in the report by the Software Engineering Institute (SEI) which, according to the DoD Developer’s Guidebook for Software Assurance, estimates that 90 percent of incidents stem from defective software.

Incorporating security control measures early in the software development process yields cost savings and better manpower utilization throughout lifecycle management, thus increasing the reliability and maintainability of the software. This article reiterates commonly observed best practices that can help enhance any organization’s software security practices, whether it uses traditional, agile, or development operations (DevOps) methods for new code or integration.

This video podcast and report are only available on DoDTechipedia (Limited Access):
Video Podcast: https://www.dodtechipedia.mil/dodwiki/download/attachments/600342610/2019-11-26-csiac-podcast-5-best-practices-for-software-security.mp4
Report: https://www.dodtechipedia.mil/dodwiki/download/attachments/600342610/2019-11-26-csiac-report-5-best-practices-for-software-security.pdf

Presenter

Farhat Shah
Ms. Farhat Shah currently serves as the cyber security subject matter expert for the Department of Defense (DoD). Ms. Shah has worked in different capacities to launch and implement IA programs and initiatives within her organization. She provided critical cyber security support to systems across the U.S. Army leading to successive mission completion. Ms. Shah began her career as a software engineering intern. She graduated from the Army’s Intern Program, earning a Master's in Software Engineering from Monmouth University. Throughout this time she participated in planning, developing and maintaining assigned software projects. Ms. Shah holds a Bachelor's in Electrical Engineering and a second Master’s in Technical Management from the Johns Hopkins University. Over her career as an engineer with the Army, she has gained experience in software development, systems engineering, project management and cybersecurity for information systems. Ms. Shah is a CISSP (Certified Information Systems Security Professional) as well as a PMP (Project Management Professional). Ms. Shah is Level III Certified in Systems, Planning, Research, Development and Engineering. She is a current member of the IEEE.

Tags: Software Assurance, Software Development, Software Engineering Institute (SEI)
