My name is Innokentiy Ivanov, I am the manager of EldoS SecureBlackbox product – a comprehensive library of security-related software components. For six years we helped thousands of our customers all over the world to successfully integrate security features into their software products.
Unfortunately, in our work we faced with quite an unpleasant fact. It turned out that the heads of many companies and separate software projects have a kind of superficial understanding of data protection and information security problems. In particular, they suppose that adding third-party security components is enough to make their product secure. They delegate the task of implementing security features to the ordinary programmers, in the belief that this task is no more complex than any other basic subtask of the project. They are wrong. Integrating security features to a project requires a good understanding of this task and certain level of skills in information security field. The developer responsible for adding security to the project should clearly understand what exactly security problems he has to solve, and which ways of solving them are the optimal ones. If the person responsible for security in your project does not have such skills, you have a chance to get the illusion of security.
The purpose of this blog is the consideration of the most typical mistakes and misconceptions related to integration of security features to software products. I hope it will be useful to the managers of the products containing security modules, as well as to the developers responsible for implementing those modules in robust and safe way.
So, let's start building safe and secure world.
No comments:
Post a Comment