CSIAC

Cyber Security and Information Systems Information Analysis Center

/ All Podcast Series / / 5 Best Practices for Software Security

- 5 Best Practices for Software Security

| Presenter: Farhat Shah | Leave a Comment

Notice: This podcast video may contain personal or third-party views and opinions not associated with the government.
Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/

As Software becomes more complex, it is critical to incorporate security from the very inception of the system rather than an afterthought. With the rapid shifts in technology and increasingly sophisticated threats, cybersecurity considerations are a critical factor, expressly for systems utilizing decades-old software applications, still operational due to specific mission criticalities. These highly complex systems with millions of lines of software codes are progressively difficult to maintain over time due to software and hardware security obsolescence. An argument in favor of software assurance lies in the report by the Software Engineering Institute (SEI) that estimates that 90 percent of incidents stem from defective software according to the DoD Developer’s Guidebook for Software Assurance.

Incorporating security control measures early on in the software development process will benefit in terms of cost savings and manpower utilization throughout the lifecycle management, thus increasing the reliability and maintainability of the software. This article reiterates commonly observed best practices that can help enhance any organization’s software security practices whether using traditional, agile or development operations (DEVOPS) methods for new code or integration.

CAC/PIV holders can watch or download the podcast here:
https://www.dodtechipedia.mil/dodwiki/download/attachments/600342610/2019-11-26-csiac-podcast-5-best-practices-for-software-security.mp4

Download Associated Files:
You must be logged in to download files associated with this video podcast. Click here to login.

Presenter

Farhat Shah
Farhat Shah
Ms. Farhat Shah currently serves as the cyber security subject matter expert for the Department of Defense (DoD). Ms. Shah has worked in different capacities to launch and implement IA programs and initiatives within her organization. She provided critical cyber security support to systems across the U.S Army leading to successive mission completion. Ms. Shah began her career as a software engineering intern. She graduated from the Army’s Intern Program earning a Master's in Software Engineering from Monmouth University. Throughout this time she participated in planning, developing and maintaining assigned software projects. Ms. Shah holds a Bachelor's in Electrical Engineering and a second Master’s in Technical Management from the Johns Hopkins University. Her experience entails Software development, Systems Engineering, Project management and Cybersecurity for information systems that she has gained over her career as an engineer with the Army. Ms. Shah is a CISSP (Certified Information Systems Security Professional) as well as a PMP (Project Management Professional). Ms. Shah is Level III Certified in Systems, Planning, Research, Development and Engineering. She is a current member of the IEEE.

Reader Interactions

Leave a Comment