When security is built into software from the ground up, software is more resistant to attacks. Organizations that have focused on security in the early stages have seen major reductions in operational vulnerabilities, resulting in reductions in software patching. Our research from one case study showed that the cost to fix requirement problems identified later in the project cost close to $2.5 million; the cost to fix these problems early in the life cycle was $500,000.

The CERT Cyber Security Engineering (CSE) team focuses on research and education to help software and systems acquirers, managers, developers, and operators address security and survivability throughout the development and acquisition life cycles—especially in the early stages. The team has created methods and solutions that can be integrated into existing practices.

The CSE team also provides resources for the Build Security In (BSI) website, which it manages for the Department of Homeland Security. BSI was noted in Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program (pdf), released in December 2011 from the Executive Office of the U.S. President.

January 31, 2012

New Podcast Released
Protecting the internet and its users against cyber attacks requires a significant increase in the number of skilled cyber warriors.

January 26, 2012

New Insider Threat Blog Entry
The Entry "Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage" has been posted.

January 20, 2012

Spotlight On: Malicious Insiders and Organized Crime Activity
This TN is the fifth article in the Spotlight On quarterly series published by the CERT Insider Threat Center.

more announcements

headlines