Improving Software Security
A closer look at IT security reveals two main reasons for security vulnerabilities in software systems: faulty configuration and faulty programming. Problems caused by faulty configuration are already controllable today by detailed company policies. The handling and prevention of security vulnerabilities caused by faulty programming are still open problems.
The scientific approach to software security is to establish and widen the theoretical boundaries of the domain. This methodology produces important results which unfortunately often aren’t widely adopted by the software industry. The reasons for this slow adoption are diverse and heavily debated.
The software industry, on the other hand, is interested in solutions which are practically applicable today. The ratio between cost and benefit of the chosen methods is an especially important factor. Solutions also have to be adaptable to the company's processes. Besides developing new methods for securing software, it is furthermore necessary to evaluate, standardize and measure existing approaches.
The goal of the Secologic Project is to bring the worlds of academic research and practical software engineering closer together.
Secologic is carried out as a joint project by the University of Hamburg, SAP AG, Commerzbank and EUROSEC.
For further information please visit the Secologic project at secologic.org.