Built-in Software Security Instead of Patchwork and Patches

• Security by Design enables resilient software from the beginning
• Security from the ground up increases the reputation of the developers and lowers the production costs in the long run

Software that is poorly programmed, maintained, or configured opens the gateways for most cyber-attacks – this is evident from cyber threats such as WannaCry, Locky, or the Mirai botnet. “It can reduce many costs if software developers take greater account of security from the outset, rather than constantly providing new patches,” says the cyber security expert, Felix von Leitner. “Instead, we have taken a resigned attitude: A world view in which software has vulnerabilities, and hackers just take advantage of them.”

For software developers, Security by Design offers a solution to this dilemma. Based on this concept, software can be designed in such a way that it has as few vulnerabilities as possible and is as resistant as possible to attacks. “This can be achieved if developers pay more attention to safety requirements in the development process of software,” says Markus Schaffrin, Head of Member Services at eco – Association of the Internet Industry. “From the initial idea to final completion, security must be one of the design criteria. Developers should also ask themselves if their idea can actually be implemented in context of important security aspects.”

Do not pass on security risks to customers

In reality, however, safety aspects are far too often subordinated to short-term economic viability. This leads to the discovery of new vulnerabilities in the life cycle of an application, which are then fixed through expensive and complex patch cycles. Felix von Leitner says: “We have to get away from delivering immature software to our clients. At the moment, the customer alone has to bear the risks. Some manufacturers even refuse critical security updates if the customer has not signed a support contract. This is the kind of breeding ground on which countrywide IT vulnerability thrives.”

Well-developed software increases reputation and lowers costs

Security by Design is indispensable for sustainable business success: Manufacturers improve their application safety, and thus reduce the cost of the development and the release of patches. Anyone who offers secure software from the outset also increases the reputation of the company, since security is an important quality criterion for many customers.

Security by Design is one of five main topics of the Internet Security Days 2017 (28-29.09.2017), which will take place at the amusement park ‘Phantasialand’ in Brühl, near Cologne. During the conference, Felix von Leitner and many other experts will discuss related topics and give practical tips.

More information about the Internet Security Days 2017 agenda can be found here: https://isd.eco.de/agenda-2/agenda-2017/agenda-2017-donnerstag.html.