Secure Software Engineering
Cyber attacks are increasingly targeting software vulnerabilities at the application layer. It is difficult to address these vulnerabilities: software at this layer is complex, and the security ultimately depends on the many software developers involved.
Cyber attacks are increasingly targeting software vulnerabilities at the application layer. Vulnerabilities at this layer are well known; for example, OWASP publishes a list of common weaknesses, called the OWASP Top Ten. Addressing the vulnerabilities at the application layer is difficult, however: software at this layer is complex, and the security ultimately depends on the many software developers and software development firms who write web applications, apps, add-ons, libraries, and so on.
- Secure software engineering initiatives stocktaking: In 2011 we published an overview of different initiatives in the area of secure software engineering, titled Secure Software Engineering Initiatives.
- Secure App Development: In collaboration with OWASP (OWASP's Mobile Security project), ENISA addressed the lack of security guidelines for developers of smartphone apps with the report Smartphone Secure Development Guidelines.