Despite its reputation for secrecy and technical expertise, the U.S. National Security Agency doesn't have a set of secret coding practices or testing methods that magically make its applications and systems bulletproof. In fact, "most of what we do in terms of app development and assurance is in the open literature now. Those things are known publicly now," says Neil Ziring, technical director of the NSA's Information Assurance Directorate.
Even within the NSA, the problems of application security remain maddeningly difficult to solve, Ziring says. The agency faces many of the same challenges that private enterprises and other organizations do when it comes to writing secure applications and defending deployed apps.
"Assurance is very hard to do for apps, especially lightweight, distributed apps. They don't have a clean, waterfall lifecycle," Ziring says. "Apps have become the primary targets of attackers."
View Full Article
No entries found