Integrating Security into Development, No Pain Required

by Dave Shackleford
Sept. 1, 2017 SANS Institute

The majority of today’s information security problems can be traced to flaws in code. Whether these security problems affect operating system components, client applications, web applications or specialized code that runs power generation or other equipment-control systems, the majority of well-publicized vulnerabilities are related to coding errors and implementation issues. Within the running list of the Top 25 Most Dangerous Software Errors [1] maintained by SANS, three categories emerge: insecure interaction among software components, risky resource management when coding and porous defenses (due to a variety of implementation issues).