Despite its reputation for secrecy and technical expertise, the National Security Agency doesn't have a set of secret coding practices or testing methods that magically make its applications and systems bulletproof. In fact, one of the agency's top technical experts said that virtually all of the methods the NSA uses for development and information assurance are publicly known.
"Most of what we do in terms of app development and assurance is in the open literature now. Those things are known publicly now," Neil Ziring, technical director of the NSA's Information Assurance Directorate, said in his keynote at the OWASP AppSec conference here Wednesday. "It used to be that we had some methods and practices that weren't well-known, but over time that's changed as industry has focused more on application security."
Ziring said that even within the NSA, the problems of application security remain maddeningly difficult to solve. The agency, which is responsible for both protecting the communications of the U.S. government and eavesdropping on those of hostile nations, faces many of the same challenges that private enterprises and other organizations do when it comes to writing secure applications and defending deployed apps.
From Threat Post