Relating Software Engineering and Information Security

Page Content

Gene Spafford

Aug 27, 2003

Abstract

There are many connections between software engineering and
information security. Some are obvious, such as the process of
detecting software faults, and some are more subtle, such as
definition and capture of privacy requirements. In both infosec and
SE there are complex challenges of how best to balance cost, design,
technology, and time to market: Too often, good practices are skipped
because of cost or time. Meanwhile, failures in both areas can lead
to everything from minor inconvenience to catastrophic failures and
compromises.

In this talk, I intend to explain some of the connections I see
between software engineering and information security. In
particular, I hope to illustrate how some of the challenges -- and
advances -- in infosec have a basis in software engineering. Some
of these suggest high-leverage areas of research, while others
provide insight about why we will continue to experience security
problems in widely-deployed software. For instance, is there truth
to the contention that open source software is more secure than
proprietary source? Along the way, I will connect Las Vegas, the
PDP-11, Roman chariots, and a common security flaw as one
illustration of how unintended consequences shape both security and
software development.

About the Speaker

http://www.cerias.purdue.edu/homes/spaf

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

© 1999-2013 Purdue University. All rights reserved.

Use/Reuse Guidelines

CERIAS Seminar materials are intended for educational, non-commercial use only and any or all commercial use is prohibited. Any use must attribute "The CERIAS Seminar at Purdue University." Opinions expressed in the recordings are not necessarily representative of the views of CERIAS or of Purdue University.