State of Practice in Secure Software: Experts’ Views on Best Ways Ahead

Bill Whyte (Independent consultant, UK) and John Harrison (LanditD, UK)
DOI: 10.4018/978-1-61520-837-1.ch001


The authors present a synthesis of expert views on some important actions to improve the state of practice in secure software. The main conclusions are: the skill base is lacking; business cases for security good practice are poorly developed; choosing between different ‘good practices’ is difficult; and research will only have impact if it is compatible with the commercial environment of developers and their existing skills. The study is grounded in the authors’ experience as panel moderators, rapporteurs and report writers involved in drafting the views of experts. Some research directions are indicated.
Chapter Preview


The proper selection of a methodology for acquiring authoritative views in an area of applied technology is often insufficiently addressed. Research methods are frequently not properly grounded, and issues such as ‘observation’ versus ‘theory’ [O’HEAR] are not separated out. At worst, observation consists simply of an unrepresentative sampling of journal papers or an online search, and theory simply of the biased views of the enquirer, with the investigator’s views in neither case subject to proper ‘closed-loop’ feedback. To avoid this as far as possible, and although we do make use of open-loop sources, our findings are weighted towards first-hand encounters with a number of peer-reviewed activities involving experts in secure software development. In the course of these encounters we have sometimes been involved in drafting (and redrafting) reports summarizing consensus views on the subject. What is, and what is not, said, and the manner in which the discussions proceed during this consensus building, can give additional insight into the debate.

Prominent among these encounters was our participation in a UK Department of Trade and Industry (DTI) Global Watch Initiative in January 2006 [GWM]. The Global Watch team comprised a small body of experts who met a wide range of influential academic and governmental representatives, and senior staff in leading software companies, in California and Washington State.
