Why Cybersecurity problems?

To answer "why cybersecurity?" we must discuss how software is being developed.

There are traditional software methods (also called waterfall).

Figure: Waterfall model, from the following site: http://www.umsl.edu/~hugheyd/is6840/waterfall.html

I always like to break down waterfall into the following:

  1. Pseudocode
  2. Design
  3. Develop
  4. Test
  5. Customer has it – any bugs found must be fixed.

Did you notice a lack of security thinking? It is supposed to be baked into the whole process, but it usually is _not_.

So there are people adding some testing processes, and some companies are trying to add security thinking into the development and pseudocode, but it has not taken hold well enough yet.

Even the security software companies have problems with the new hacker normal. The problem is that the new attacks are much more sophisticated (which we have posted about here before):

http://oversitesentry.com/why-is-security-difficult-target-breach-analysis-2-yrs-later/

And nation-states are developing attacks, so they are more sophisticated: http://oversitesentry.com/digital-anything-is-at-risk-fingerprints/

Figure: XP loop with time frames

There is another software methodology called Agile (known as Extreme Programming, XP):

http://www.umsl.edu/~hugheyd/is6840/agile.html

It is essentially the following:

  1. Pseudocode and design
  2. Develop software and test
  3. Feedback from client
  4. Go back to 1.

Again, security is not built into it. You are supposed to think about security or test for security as you build software.

Well, how has this worked out for us? More cyberattacks are coming at us than ever before, and the attackers are more sophisticated.

We have to step up our tests: testing using security attack methods is the only way to improve this cycle.