When professionals without security awareness plan a project, security is often left out. The result costs money in the long run. What can we do to make it better?A multitude of Websites, guides, best practices, and books exist about security design and secure coding. But the information as a whole is not very organized. It's time for security-design patterns to be considered as important as any secure coding effort.
For new projects and innovations to examine basic security at the design phase, they need easily available references that speak their language. When these references become available, we get one step closer to bringing security into the project management phase as yet another box to examine -- and to tick.
Preaching "design security in" and "do security first" never got our industry far. We find the bugs later on and annoy everybody.
Better organization of security design patterns can take us that extra step to reaching the hearts and minds of unaware programmers during the design phase -- and before the threats emerge.
Security considerations for new projects written for project managers may make this available knowledge sought after by the programmers to begin with.
It's a front worth exploring. How would you go about it?
Follow Gadi Evron on Twitter: http://twitter.com/gadievron
Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio