Barney's Blog

Blog archive

Can't Rush Good Security

I hope you're sitting down for this breaking news: It actually takes some time (and patience) to develop secure mobile applications.

This radical train of thought, which came out at last week's CompTIA's Tech Summit on Cybersecurity in Washington, goes against the traditional way of thinking that if you close your eyes and hit a bunch of buttons, applications will secure themselves.

While the suggested notion that dedicated time for correct testing and auditing of mobile apps will lead to less security holes seems like a no-brainer to me, only 17 percent of available apps are actually following correct practices for mobile security.

So what is the other 83 percent's excuse? Apparently it's a lack of secure development lifecycle tools. With the market evolving rapidly, and with multiple platforms (old and new) to consider, it may not be in the cards to purchase all the necessary tools to satisfy every mobile OS. And even if you do have the correct tools, who has the time to develop it properly for multiple platforms?

So what does this mean? Should mobile developers limit their reach, specializing in only the one or two platforms that it has the correct tools for? And while this study focuses on mobile development, its common sense message can be applied to all facets of development and IT.

Do you feel you have the adequate amount of time and funding to implement secure practices? Let Doug know at [email protected].
-By Chris Paoli

Posted by Chris Paoli on 08/10/2011 at 1:18 PM


Featured

comments powered by Disqus

Subscribe on YouTube