Wednesday, December 3, 2014

Security for Software Cyberinfrastructure

NSF's CIF21 Software Vision (NSF 12-113) recognizes that "software is a critical and pervasive component of cyberinfrastructure for science, engineering, and education" and that cyberinfrastructure (CI) software "must be reliable, robust, and secure." What are community best practices for developing reliable, robust, and secure software, and what unique challenges do NSF CI software development projects face?

CTSC will be exploring this topic over the coming months by supplementing CTSC’s existing training materials on secure coding practices with guides that cover additional security topics throughout the software development lifecycle, such as:

  • identifying security objectives and addressing security threats during the software design phase to avoid patching for security issues later in the process
  • software release engineering to support the integrity and maintenance of deployed software, including security hygiene for developers to safeguard credentials and revoke credentials if compromised
  • vulnerability handling processes and software update mechanisms to address software vulnerabilities when they occur
  • software maintenance and dependency management for keeping up-to-date on security standards and fixes

We welcome your input and questions as we develop materials (and gather pointers to existing materials) on these topics. Please join the discussion on the CTSC Security Discussion email list.