Identifying Software Security Requirements Early, Not After the Fact

FromSoftware Engineering Institute (SEI) Podcast Series

Start listening View podcast show

Identifying Software Security Requirements Early, Not After the Fact

FromSoftware Engineering Institute (SEI) Podcast Series

ratings:

Length:

23 minutes

Released:

Jul 8, 2008

Format:

Podcast episode

Description

During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. Related Course Secure Coding in C and C++ Listen on Apple Podcasts.

Released:

Jul 8, 2008

Format:

Podcast episode

Titles in the series (100)

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.

Skip carousel

The ROI of Security: In this podcast, Julia Allen explains how ROI is a useful tool because it enables comparison among investments in a consistent way. by Software Engineering Institute (SEI) Podcast Series
21 min listen
Proactive Remedies for Rising Threats: In this podcast, participants discuss how threats to information security are increasingly stealthy and must be mitigated through sound policy and strategy. by Software Engineering Institute (SEI) Podcast Series
20 min listen
Tackling Security at the National Level: A Resource for Leaders: In this podcast, Clint Kreitner explains how information security costs can be reduced by enforcing standard configurations for widely deployed systems. by Software Engineering Institute (SEI) Podcast Series
22 min listen
Computer Forensics for Business Leaders: A Primer: In this podcast, participants discuss how computer forensics is often overlooked when planning an incident response strategy. by Software Engineering Institute (SEI) Podcast Series
17 min listen
Protecting Against Insider Threat: In this podcast, Dawn Cappelli describes the real and substantial threat of attack from insiders. by Software Engineering Institute (SEI) Podcast Series
27 min listen
Real-World Security for Business Leaders: In this podcast, William Wilson advises business leaders to use international standards to create a business- and risk-based information security program. by Software Engineering Institute (SEI) Podcast Series
20 min listen
Evolving Business Models, Threats, and Technologies: A Conversation with CERT's Deputy Director for Technology: In this podcast, participants discuss how business models are evolving as security threats become more covert and technology enables information migration. by Software Engineering Institute (SEI) Podcast Series
22 min listen
The Value of De-Identified Personal Data: In this podcast, participants discuss the complex legal compliance landscape and how de-identification can help organizations share data more securely. by Software Engineering Institute (SEI) Podcast Series
31 min listen
Why Leaders Should Care About Security: In this podcast, Julia Allen urges leaders to be security conscious and treat adequate security as a non-negotiable requirement of being in business. by Software Engineering Institute (SEI) Podcast Series
18 min listen
Compliance vs. Buy-in: In this podcast, Julia Allen explains why integrating security into standard business processes is more effective than treating security as a compliance task. by Software Engineering Institute (SEI) Podcast Series
9 min listen
Building Staff Competence in Security: In this podcast, Barbara Laswell describes specifications that define the knowledge, skills, and competencies required for a range of security positions. by Software Engineering Institute (SEI) Podcast Series
22 min listen
Convergence: Integrating Physical and IT Security: In this podcast, participants recommend deploying common solutions for physical and IT security as a cost-effective way to reduce risk and save money. by Software Engineering Institute (SEI) Podcast Series
29 min listen
Making Information Security Policy Happen: In this podcast, Paul Love argues that targeted, innovative communications and a robust lifecycle are keys for security policy success. by Software Engineering Institute (SEI) Podcast Series
24 min listen
Crisis Communications During a Security Incident: In this podcast, participants alert business leaders to be prepared to communicate with the media and their staff during high-profile security incidents. by Software Engineering Institute (SEI) Podcast Series
14 min listen
The Legal Side of Global Security: In this podcast, participants encourage business leaders, including legal counsel, to understand how to tackle complex security issues for a global enterprise. by Software Engineering Institute (SEI) Podcast Series
26 min listen
Initiating a Security Metrics Program: Key Points to Consider by Software Engineering Institute (SEI) Podcast Series
12 min listen
CERT Lessons Learned: A Conversation with Rich Pethia, Director of CERT: In this podcast, Richard Pethia voices his view of the internet security landscape and the future of the CERT Division. by Software Engineering Institute (SEI) Podcast Series
24 min listen
Adapting to Changing Risk Environments: Operational Resilience: In this podcast, participants discuss how businesses leaders need to keep their critical processes and services up and running in the face of the unexpected. by Software Engineering Institute (SEI) Podcast Series
25 min listen
Change Management: The Security 'X' Factor: In this podcast, Gene Kim reports how a recent security survey found one factor that separated high performers from the rest of the pack: change management. by Software Engineering Institute (SEI) Podcast Series
19 min listen
Dual Perspectives: A CIO's and CISO's Take on Security: In this podcast, participants explain that since you can't secure everything, managing security risk to a "commercially reasonable degree" is best. by Software Engineering Institute (SEI) Podcast Series
26 min listen
Security: A Key Enabler of Business Innovation: In this podcast, participants describe how making security strategic to business innovation involves seven strategies. by Software Engineering Institute (SEI) Podcast Series
24 min listen
Assuring Mission Success in Complex Environments: In this podcast, participants discuss analysis tools for assessing complex organizational and technological issues that are beyond traditional approaches. by Software Engineering Institute (SEI) Podcast Series
18 min listen
Privacy: The Slow Tipping Point: In this podcast, participants discuss a trend toward more data disclosure that may cause users to become desensitized to privacy breaches. by Software Engineering Institute (SEI) Podcast Series
18 min listen
Using Standards to Build an Information Security Program: In this podcast, William Wilson explains how business leaders can use international standards to create a business- and risk-based information security program. by Software Engineering Institute (SEI) Podcast Series
28 min listen
A New Look at the Business of IT Education: System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend. by Software Engineering Institute (SEI) Podcast Series
18 min listen
What Business Leaders Can Expect from Security Degree Programs: In this podcast, participants discuss whether information security degree programs meet the needs of business leaders seeking knowledgeable employees. by Software Engineering Institute (SEI) Podcast Series
19 min listen
The Path from Information Security Risk Assessment to Compliance: In this podcast, William Wilson explains how an information security risk assessment, performed with operational risk management, can contribute to compliance. by Software Engineering Institute (SEI) Podcast Series
26 min listen
IT Infrastructure: Tips for Navigating Tough Spots: In this podcast, participants discuss how organizations may occasionally need to redefine their IT infrastructures and be ready to handle tricky situations. by Software Engineering Institute (SEI) Podcast Series
23 min listen
Inside Defense-in-Depth: In this podcast, participants discuss defense-in-depth, a path toward enterprise resilience. by Software Engineering Institute (SEI) Podcast Series
16 min listen
Building More Secure Software: In this podcast, Julia Allen explains how software security is about building more defect-free software to reduce vulnerabilities targeted by attackers. by Software Engineering Institute (SEI) Podcast Series
17 min listen

More Episodes from Software Engineering Institute (SEI) Podcast Series

Skip carousel

Safeguarding Against Recent Vulnerabilities Related to Rust: What can the recently discovered vulnerabilities related to Rust tell us about the security of the language? In this podcast from the Carnegie Mellon University Software Engineering Institute, David Svoboda discusses two vulnerabilities, their... by Software Engineering Institute (SEI) Podcast Series
26 min listen
Developing a Global Network of Computer Security Incident Response Teams (CSIRTs): Cybersecurity risks aren’t just a national concern. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), the CERT division’s Tracy Bills, senior cybersecurity operations researcher and team lead, and James... by Software Engineering Institute (SEI) Podcast Series
31 min listen
Automated Repair of Static Analysis Alerts: Developers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast from the Carnegie Mellon University Software Engineering... by Software Engineering Institute (SEI) Podcast Series
27 min listen
Cyber Career Pathways and Opportunities: Not all paths to cybersecurity careers look the same. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Randy Trzeciak, deputy director of cyber risk and resilience in the SEI’s CERT division, discusses his... by Software Engineering Institute (SEI) Podcast Series
31 min listen
My Story in Computing with Sam Procter: Sam Procter started out studying computer science at the University of Nebraska, but he didn’t love it. It wasn’t until he took his first software engineering course that he knew he’d found his career path. In this podcast from the Carnegie... by Software Engineering Institute (SEI) Podcast Series
37 min listen
Developing and Using a Software Bill of Materials Framework: With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party... by Software Engineering Institute (SEI) Podcast Series
38 min listen
The Importance of Divesity in Cybersecurity: Carol Ware: In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Ware, a senior cybersecurity engineer in the SEI’s CERT Division, discusses her career path, the value of mentorship, and the importance of diversity in... by Software Engineering Institute (SEI) Podcast Series
27 min listen
The Importance of Diversity in Software Engineering: Suzanne Miller: In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Suzanne Miller, a principal researcher in the SEI’s Software Solutions Division, discusses her career path, the value of mentorship, and the... by Software Engineering Institute (SEI) Podcast Series
29 min listen
The Importance of Diversity in Artificial Intelligence: Violet Turri: Across the globe, women account for less than 30 percent of professionals in technical fields. That number drops to 22 percent in the field of Artificial Intelligence (AI). In this podcast from the Carnegie Mellon University Software Engineering... by Software Engineering Institute (SEI) Podcast Series
17 min listen
Using Large Language Models in the National Security Realm: At the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflower... by Software Engineering Institute (SEI) Podcast Series
35 min listen
Atypical Applications of Agile and DevSecOps Principles: Modern software engineering practices of and have provided a foundation for producing working software products faster and more reliably than ever before. Far too often, however, these practices do not address the non-software concerns of business... by Software Engineering Institute (SEI) Podcast Series
34 min listen
When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction: Increasingly in government acquisition of software-intensive systems, we are seeing programs using Agile development methodology and earned value management. While there are many benefits to using both Agile and EVM, there are important considerations... by Software Engineering Institute (SEI) Podcast Series
35 min listen
The Impact of Architecture on Cyber-Physical Systems Safety: As developers continue to build greater autonomy into (CPSs), such as unmanned aerial vehicles (UAVs) and automobiles, these systems aggregate data from an increasing number of sensors. However, more sensors not only create more data and... by Software Engineering Institute (SEI) Podcast Series
34 min listen
ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies: To better understand the potential uses of large language models (LLMs) and their impact, a team of researchers at the Carnegie Mellon University Software Engineering Institute CERT Division conducted four in-depth case studies. The case studies span... by Software Engineering Institute (SEI) Podcast Series
46 min listen
The Cybersecurity of Quantum Computing: 6 Areas of Research: Research and development of quantum computers continues to grow at a rapid pace. The U.S. government alone spent more than $800 million on quantum information science research in 2022. Thomas Scanlon, who leads the data science group in the SEI CERT... by Software Engineering Institute (SEI) Podcast Series
23 min listen
User-Centric Metrics for Agile: Far too often software programs continue to collect metrics for no other reason than that is how it has always been done. This leads to situations where, for any given environment, a metrics program is defined by a list of metrics that must be... by Software Engineering Institute (SEI) Podcast Series
32 min listen
The Product Manager’s Evolving Role in Software and Systems Development: In working with software and systems teams developing tech products, Judy Hwang, a senior software engineer in the SEI CERT Division, observed that teams weren’t putting in enough time and effort into thoroughly assessing the product by talking to... by Software Engineering Institute (SEI) Podcast Series
24 min listen
Measuring the Trustworthiness of AI Systems: The ability of artificial intelligence (AI) to partner with the software engineer, doctor, or warfighter depends on whether these end users trust the AI system to partner effectively with them and deliver the outcome promised. To build appropriate... by Software Engineering Institute (SEI) Podcast Series
19 min listen
Actionable Data in the DevSecOps Pipeline: In this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program... by Software Engineering Institute (SEI) Podcast Series
32 min listen
Insider Risk Management in the Post-Pandemic Workplace: In the wake of the COVID pandemic, the workforce decentralized and shifted toward remote and hybrid environments. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dan Costa, technical manager of enterprise... by Software Engineering Institute (SEI) Podcast Series
48 min listen
An Agile Approach to Independent Verification and Validation: Independent verification and validation (IV&V) is a significant step in the process of deploying systems for mission-critical applications in the Department of Defense (DoD). In this podcast from the Carnegie Mellon University Software Engineering... by Software Engineering Institute (SEI) Podcast Series
32 min listen
Zero Trust Architecture: Best Practices Observed in Industry: Zero trust architecture has the potential to improve an enterprise’s security posture. There is still considerable uncertainty about the zero trust transformation process, however, as well as how zero trust architecture will ultimately appear in... by Software Engineering Institute (SEI) Podcast Series
28 min listen
Automating Infrastructure as Code with Ansible and Molecule: In Ansible, roles allow system administrators to automate the loading of certain variables, tasks, files, templates, and handlers based on a known file structure. Grouping content by roles allows for easy sharing and reuse. When developing roles,... by Software Engineering Institute (SEI) Podcast Series
40 min listen
Identifying and Preventing the Next SolarWinds: In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on Solar Winds software and how to... by Software Engineering Institute (SEI) Podcast Series
46 min listen
A Penetration Testing Findings Repository: In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Marisa Midler and Samantha Chaves, penetration testers with the SEI’s CERT Division, talk with Suzanne Miller about a penetration-testing repository that... by Software Engineering Institute (SEI) Podcast Series
26 min listen
Rust Vulnerability Analysis and Maturity Challenges: While the of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there... by Software Engineering Institute (SEI) Podcast Series
37 min listen
We Live in Software: Engineering Societal-Scale Systems: Societal-scale software systems, such as today’s commercial social media platforms, are among the most widely used software systems in the world, with some platforms reporting billions of daily active users. These systems have created new mechanisms... by Software Engineering Institute (SEI) Podcast Series
40 min listen

Related podcast episodes

Skip carousel

Embedded Systems in Elixir vs. C, C++, and Java with Connor Rigby & Taylor Barto: Connor Rigby, Software Engineer at SmartRent, and Taylor Barto, Lead Embedded Software Engineer at Eaton, join Sundi to compare notes on embedded systems development with Elixir, C, C++, and Java. The guests ask one another questions to gain valuable insights into challenges, tooling, resources, and more across different embedded ecosystems. by Elixir Wizards
47 min listen
Intel C++ Compiler with Udit Patidar and Anoop Prabha: Rob and Jason are joined by Udit Patidar and Anoop Prabha from Intel to discuss Intel's C++ Compiler and suite of Performance tuning Software Development Tools. Anoop Prabha is currently a Software Engineer in Software and Services Group at Intel... by CppCast
58 min listen
Nailing Down the Right Abstractions - Tim Neutkens (Vercel) by Developer Experience
64 min listen
Episode 184: Safety in Swift 6, Protocols & More with Doug Gregor by Algorithms + Data Structures = Programs
40 min listen
Cache Friendliness with Björn Fahller: Rob and Jason are joined by Björn Fahller. They first discuss articles on the C++ ABI and a blog post on performance analysis. Then Björn talks about cache friendliness, C++ contracts and type safety. Björn works for Net Insight, where he wears... by CppCast
42 min listen
Victor Rentea: Never Separate The Refactoring From The Deliverable: Robby speaks with Victor Rentea, an independent technical trainer and Lead Architect at IBM based in Romania. Victor talks about teaching other engineers about legacy code, calling yourself an "expert", and what to do when you're rushed to deliver features but are dealing with refactoring challenges. by Maintainable
35 min listen
Stig Brautaset: Understanding Alien Artifacts in Legacy Code: Join Robby as he chats with Stig Brautaset from CircleCI about the nuances of maintaining well-documented but complex legacy code, the impact of developer on-call duties, and the intriguing concept of "Alien Artifacts" in software. by Maintainable
46 min listen
Episode 181: The C++0x Concepts Story with Doug Gregor (Part 2) by Algorithms + Data Structures = Programs
33 min listen
April 15, 2021: FBI patches Exchange server backdoors IcedID looks to fill the Emotet malware void Draft plan to improve US power grid security Thanks to our episode sponsor, Sonatype Ask any software developer, and they’ll tell you the truth about two things: 1.... by Cyber Security Headlines
7 min listen
Clang Power Tools with Victor Ciura: Rob and Jason are joined by Victor Ciura from Caphyon to talk about bringing clang tidy magic to Visual Studio C++ Developers with Clang Power Tools Victor Ciura is a Senior Software Engineer at CAPHYON and Technical Lead on the Advanced... by CppCast
68 min listen
Episode 182: C++ Variadic Templates, Swift and More with Doug Gregor by Algorithms + Data Structures = Programs
38 min listen
Episode 180: The C++0x Concepts Story with Doug Gregor (Part 1) by Algorithms + Data Structures = Programs
49 min listen
Mark Erikson: Accidentally Becoming an Open Source Maintainer: Robby speaks with Mark Erikson, Software Engineer at Northrop Grumman and Redux Maintainer. They discuss common characteristics of well-maintained software code, documentation best practices, and advice for developers on how to begin contributing to open source projects. by Maintainable
47 min listen
S2 E8 - Indigo Design: The Angular Show welcomes back our friends from Infragistics to talk about their new App Builder prototype as a low-code solution to building Angular applications that integrate seamlessly with their Indigo Design platform. Infragistics is a design... by The Angular Plus Show
52 min listen
Dark Lang with Ellen Chisa and Paul Biggar: Dark Lang is a programming language that is tightly integrated with the cloud. Dark takes an opinionated approach that most developers are going to want to run their applications in the cloud, and this perspective influences how Dark looks at deployme... by Cloud Engineering Archives - Software Engineering Daily
61 min listen
April 13, 2021: Nvidia announces AI-powered tools for cybersecurity Biden announces nominations for cybersecurity positions Apple updates chip security mid-production Thanks to our episode sponsor, Sonatype Ask any software developer, and they’ll tell you the... by Cyber Security Headlines
6 min listen
Episode 49: Special Guest Dave Abrahams! (Part 2) by Algorithms + Data Structures = Programs
41 min listen
Technical Debt as a Core Software Engineering Practice: In this podcast, Ipek Ozkaya talks about managing technical debt as a core software engineering practice and its importance in the education of future software engineers. by Software Engineering Institute (SEI) Podcast Series
23 min listen
Henrik Warne - There is No Software Maintenance: Robby has a chat with Henrik Warne (he/him/his), the Senior Software Engineer at Talos, about the importance of code having structure early on, the importance of engineers being able to read, run, and test code when they join a project, why Henrik feels there is no such thing as software maintainance, how software is better seen as a product versus a project, why all software engineers should spend a portion of their time working on bugs, and much more. by Maintainable
43 min listen
InDesignSecrets Podcast 139: Object style tricks; Quizzler winner (floppy disc icons); KBSC of the week: Recall Zoom; Obscurity of the Week: Spacing Options ----- Details below, or go to http://indesignsecrets.com/indesignsecrets-podcast-139.php for full show notes, links and... by InDesign Secrets
33 min listen
Intel Tamper Protection with Marc Valle: Rob and Jason are joined by Marc Valle to discuss Intel's Tamper Protection Toolkit which can be used to protect your C++ application from reverse engineering and tampering. Marc Valle is the technical lead for the Intel (R) Tamper Protection... by CppCast
31 min listen
Security Pattern Assurance through Roundtrip Engineering: In this podcast, Rick Kazman discusses these challenges and a solution he has developed for achieving system security qualities through use of patterns. by Software Engineering Institute (SEI) Podcast Series
16 min listen
Site Reliability Management with Mike Hiraga: Software engineers have interacted with operations teams since software was being written. In the 1990s, most operations teams worked with physical infrastructure. They made sure that servers were provisioned correctly and installed with the proper sof... by Cloud Engineering Archives - Software Engineering Daily
43 min listen
Ryan Cromwell: Is the Juice Worth the Squeeze?: Robby speaks with Ryan Cromwell, Technical Director at Sparkbox. They discuss the importance of simplifying deployments, technical debt in the client-services industry, and the traits to seek when hiring software engineers for client-services based work. by Maintainable
48 min listen
Runtime Compiled C++ with Doug Binks: Rob and Jason are joined by Doug Binks from Enkisoftware to discuss Runtime Compile C++. Doug Binks is programming the game Avoyd using Runtime Compiled C++, a technique he co-developed with industry friends; and enkiTS, a lightweight task... by CppCast
51 min listen
[AIE Summit Preview #1] Swyx on Software 3.0 and the Rise of the AI Engineer by Latent Space: The AI Engineer Podcast — Practitioners talking LLMs, CodeGen, Agents, Multimodality, AI UX, GPU Infra and all things Software 3.0
39 min listen
My interview with Ben Forta: In this special Inside Adobe episode, I get to interview Adobe's Sr. Technical Evangelist Ben Forta. Ben evangelizes Adobe's various platforms with designers and developers alike. In this episode he talks about how Flex and Cold Fusion are important... by Adobe Creative Cloud TV
8 min listen
Infrastructure as Code with Rob Hirschfeld: Infrastructure as code is a concept that has delighted software engineers, dev ops, and engineering management across the board. It’s neither fun nor efficient to configure the infrastructure and environments software teams require. by Cloud Engineering Archives - Software Engineering Daily
48 min listen
API Design Standards with Andy Beier: There are various standards at play when creating and consuming Application Program Interfaces (APIs). These standards, though, are mostly technical and mostly lower-level than the content of the API. Andy Beier has experienced the broad range of API ... by Cloud Engineering Archives - Software Engineering Daily
49 min listen
The Power of Developer-First Security - Hillary Benson - ASW #168: Developers want to write good code. Secure code. Security tools that optimize developer workflows for handling security issues can take a large burden off security practitioners and make triaging, understanding, prioritizing, and resolving... by Application Security Weekly (Video)
33 min listen

Discover this podcast and so much more

Identifying Software Security Requirements Early, Not After the Fact

Identifying Software Security Requirements Early, Not After the Fact

Description

Titles in the series (100)

More Episodes from Software Engineering Institute (SEI) Podcast Series

Related podcast episodes