Building India as the destination for secure software development - Next wave of opportunities for the ICT industry

Abstract

Information and Communications Technology is becoming synonymous with the survival and sustenance of human race in social, economic, political and military terms. As a result of this the security of IGT is becoming a serious global concern. USA alone looses about $38B in security lapses and tracking of virus incidents alone runs into the range of $80B per year worldwide. These losses are incurred despite an estimated security market size of $36B expected by the year 2007-08. There are no foolproof solutions in sight. Software is the lynchpin of information systems. However software is prone to suffer disability, damage, denial, disruption or destruction in information systems. Thus insecure software is the single most serious security concern being faced by the society. The new focus across the global ICT community is therefore to eliminate threats and vulnerabilities to software by removing the root causes of its weaknesses by revisiting the life cycle approach to software engineering, whereby security is built into each stage rather than bolting it down as an after thought. The secure software is a demand of every customer. Efforts are underway in many countries to answer the call for this demand. In this talk I will present how ICT security is emerging a 21 century global nightmare, the new global vision of ICT security, where the world is moving to in the context of cyber security, why and how software is the weakest building block in ICT security journey, how the development of secure or trustworthy software can address majority of the cyber security concerns, what are the challenges of developing secure or trustworthy software, why a global initiative and collaboration is necessary, why should India position itself to be the secure or trustworthy software power house, what will it take India to create secure software development capability, what is India's value proposition in terms of education, emerging R&D base, quality, manpower etc. to succeed in secure software initiative, how to mobilize India to develop secure software development capability. The analysis presented to build a case for India will cover protection of Information Age Infrastructures as immediate national necessity, standards driven security framework for National Information Infrastructures, life cycle approach to secure software development and outlines of a blue print for India to develop into a secure software development destination. © Springer-Verlag Berlin Heidelberg 2005.