Last week, I was involved with a half-day of education that covered the topic of how, why, when, and where to write secure code. The attendees came away with a great understanding of the topic, as did I. Another step in that same education process comes next week with a three-day online class aptly named “Secure Code.” It’s part of our ongoing Embedded University series.
The three classes will cover the process of writing secure code in a timely manner; how to keep your freshly minted code secure; and an example application (automotive). The classes are taught by expert instructor Rob Hoffman, of High Assurance Systems. They’ll be held on Oct. 13, 14, and 15 at 11:00 AM EDT (for about an hour each day).
One of the most important concepts that I’ve picked up is that is that it’s not just about writing the secure code. You must ensure that the code maintains its security throughout its lifetime. You also must be in the mindset of building secure code right from the very beginning. If you try to “add it in” later in the process, you’re likely going to miss something.
The threats that you need to fend off continue to evolve and grow, and the risks are sometimes large and sometimes small. But either way, you want to do your best to avoid them. There are standards and certificates that can be maintained, and some are more valuable than others.
Finally, there are tools that are at your disposal to simplify the process. But unfortunately, like many times, it’s hard to know what you don’t know (I like that phrase). So it helps to have an expert point things out for you, provide you with a blueprint, and put you on the right path.