LDRA delivers secure software development resource

By implementing best practices such as bidirectional traceability that connects functional safety and security standards’ objectives to requirements, models, design, code, tests, and testing artifacts, companies greatly increase their ability to build secure code and mitigate security risks. This is critical for minimising the risk of liability claims, damage to reputation, and compliance fines.

“Too often, companies design their software first and test it later, which invariably leads to insecure code that puts people and property at risk,” said Ian Hennell, Operations Director, LDRA. “The security resources at our new portal are designed to help companies learn how to build security into their software from the beginning, because attempting to bolt on security after the fact is costly and error prone. Preventing vulnerabilities from entering the code during construction cost-effectively addresses the accelerating security requirements of connected devices and systems.”

The portal offers content on:

• Why secure application code matters, identifying what makes software a target for hackers and key elements associated with in-depth protective measures used to secure applications, particularly when designs involve IoT endpoints that need securing.
• The Secure Software Development Lifecycle (SSDLC) provides a detailed introduction to a better, proactive approach to ensure that code is secure by construction and implemented using a systematic development process.
• How Static Application Software Test (SAST) can be implemented early in the lifecycle, lowering the cost of vulnerability rectification.
• How white box Dynamic Application Software Test (DAST) analyses and complements SAST and black box DAST techniques.
• Why secure software development is key for various vertical applications such as automotive, aerospace & defense, industrial & energy, rail, medical, and IoT.

The security resources at the online portal highlight case studies from companies such as HCC Embedded and Now Technologies that successfully enhanced the safety and security of their products by using the LDRA tool suite to build applications systematically through all stages of software development.

The LDRA tool suite automates code reviews for compliance and the testing process as a whole. With the tool suite developers can quickly identify and repair potential coding flaws and vulnerabilities, thereby saving time and money in the production of high-assurance software applications.

“Customers like HCC Embedded and Now Technologies knew they needed to develop applications for security-sensitive systems, and worked closely with us to make that happen,” Hennell said. “Our new online portal and its extensive resources will share the best security practices these customers and others have learned in using our proactive approach to securing software. Over the months and years ahead, we will build on the portal’s initial content, highlighting industry trends, customer successes, insights, and techniques developers can use to secure all phases of the software development lifecycle in the most cost-effective manner possible.”