Should the design cycle of new products include an analysis of security vulnerabilities?

4300 pts.
Tags:
Black Hat
product development
Security
Black Hat 2013 was a tension filled affair. In addition to National Security Agency Director General Keith B. Alexander defending U.S. surveillance of American citizens, claiming it's a necessity in a world threatened by what he called "terrorists among us," SeungJin "Beist" Lee showed attendees the possibilities of another sort of surveillance: how cameras and microphones on smart TVs can be turned into state-of-the-art snooping devices by malicious hackers.Other sessions focused on the vulnerability of embedded control devices in factory settings.This raises the question, should we change the design cycle of new products to include an overview and repair of security vulnerabilities, even though this may add costs and push out release dates?

Answer Wiki

Thanks. We'll let you know when a new response is added.

It sounds good on paper but it’ll never happen.

Features and general expediency will always trump security. As we’re seeing with so many – especially the younger generation – privacy is no longer coveted so we are, in effect, reaping exactly what we’re sowing.

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • TomLiotta
    Since consumer concerns over personal security can cause decisions against purchases, I'd say that security impacts ought to be included already. In that sense, no, a "change" wouldn't be needed. But experience says it's commonly not a major concern of designers; so, yes, processes should be changed to include them. -- Tom
    125,585 pointsBadges:
    report
  • ToddN2000
    Definitely. With today's rampant hacking and breaches you cannot turn away from the fact you could be a target. You need good defenses and disaster recovery in case it does happen.
    53,105 pointsBadges:
    report
  • CharlieBrowne
    Absolutely. It is far less expensive to add functions during the design phase that at any other stage in development.
    61,425 pointsBadges:
    report
  • ToddN2000
    I agree with Charlie. Trying to retro fit a security solution after the project is completed may result in an inferior solution. If the security is built around from the beginning you will have a more stable system.
    53,105 pointsBadges:
    report
  • Kevin Beaver
    I see that this one has been resurrected from a few years ago. My answer is a resounding YES...even in 2013 terms. Heck, given all that we knew about security issues back in the mid-2000s, this was a discussion for way back then. Regardless of the year (or era), the human desire for instant gratification will trump almost anything.
    21,250 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: