The development of secure software requires the specification and communication of functional and nonfunctional security and privacy requirements, the utilization of secure and privacy-preserving programming language constructs and the application of secure and privacy-preserving coding best practices. Currently, firms focused on developing code that is both secure and privacy-preserving will employ at most two of these techniques. Unfortunately, this leads to software with the appearance of being safe (i.e. secure and privacy-preserving code), but that offers very little real protection. You can have a secure design, but if there are no supporting language constructs then the systems won’t be safe. If the programmer does not know the secure coding principles and is unaware of privacy engineering methodology, then the resulting software will not be safe. Additionally, privacy engineering is a relatively new area and researchers are trying to determine how to characterize privacy requirements. The specification of these requirements is an inter-disciplinary undertaking; involving experts in law, business, and computer science. By getting experts in security, privacy, requirements engineering, programming languages, formal methods, privacy engineering and secure coding into the same space, it is hoped that the community can bridge the gap between the design and the implementation of safe code. This workshop seeks to enable the development of safe software systems by getting the people of these currently isolated fields to start talking, working together and addressing this very difficult issue.
10月21日
2014
会议日期
初稿截稿日期
注册截止日期
留言