[AWARNESS] People, at the heart of the challenges in the development of secure products

     This expression is more and more omnipresent in a world where you have to dare to succeed.  Moreover, success is to produce as quickly and cheaply as possible in order to earn the most money. However, this race against time can lead to errors with consequences, especially in the development of applications.

The inaugural flight of the Ariane 5 rocket is a first example. In 1996, after 37 seconds of flight, following an Integer Overflow in the main inertial guidance system computer, the rocket suddenly deviated from its trajectory and eventually exploded. In 2016, an exception in the code set up by the team launching TheDAO, a decentralized autonomous organization, on one of its smarts contracts (intelligent contract written on a distributed registry) allowed an attacker to siphon the equivalent of 150 million USD at the time.

More recently, in 2017, a bug in the macOS High Sierra operating system simply allowed you to log in as a machine administrator by entering an empty password in the device authentication form. These three examples are no exception and many cases appear every day on the front page of the newspapers. Today, the number of features takes precedence over safety and security. Aligning security with development is no small task.

To combine the two, it is necessary to identify good development practices upstream of a project. digital.security offers effective short training courses to educate developers on these good practices to manage security incidents upstream and thus ensure the long-term development of secure products.