For our October meeting, we have Richard Storer giving a talk entitled
"How do you develop secure code?" so please do join us. We are a friendly group who enjoys geeking out about programming, and don't let the C/C++ part of our group name fool you.
We are primarily about professionalisation in software, so we are open to anyone regardless of the coding language you use :-)
After the talk, we will retire to the Brewdog, where the conversation will continue.
== Talk Details ==
The most common causes of security vulnerabilities in software continue to be buffer overflow and command injection, and yet it is well understood how to avoid these flaws.
There are two main reasons why software continues to be full of security flaws:
1. We don't develop software with security in mind
2. Security flaws can be hard to find in code that's already out there (see 1)
Software doesn't have to be secure to work – to meet its functional requirements, so some extra effort is needed to develop secure code. Does it need a new development paradigm or can we adapt established software development techniques to create secure code?
I believe that we can carry on developing in our favourite way, building in security as we go. I'll try and illustrate this with some examples and ask you how you might adapt your own software design technique to create secure code.