Cybersecurity Through Secure Software Development

Reports about serious vulnerabilities in critical IT components have triggered increased focus on cybersecurity worldwide. Among the many initiatives to strengthen cybersecurity it is common to see the establishment and strengthening of CERTs and other centers for cybersecurity. On the other hand, strengthening education in IT security and applying methods for secure systems development are methods that receive much less attention. In this paper we explain how the lack of focus on security in IT education programs worldwide is a significant contributor to security vulnerabilities, and we propose an agile method for secure software design that requires team members to have received adequate security education and training.