Mitigate the risk of software vulnerabilities with best practices and tools for secure scientific software development
The sharp increase in computational power of computing ecosystems is likely to continue as we move toward exascale and beyond. In turn, we are seeing new convergent computing platforms along with a paradigm shift in scientific software applications leveraging these platforms. Unfortunately, this also leads to unexpected growth in security risks from cybercriminals as well as from malicious insiders in these computing ecosystems. To address these issues, it is of paramount importance to integrate security within the scientific software development lifecycle. The need for best practices for secure software development has been highlighted in the President’s Executive Order on Improving the Nation’s Cybersecurity issued in May 2021.
Nitin Sukhija will create a one-day workshop on securing scientific software development. The workshop components will include evaluating design practices for creating secure software, software processes for managing secure software, threat modeling, and quality assurance testing using both static and dynamic analysis tools. The workshop will include hands-on exercises with penetration testing tools and will cover how to mitigate threats such as the loss of sensitive information through a variety of potential vulnerabilities. The workshop is intended to aid members from diverse research domains in the development of trustworthy and secure scientific software.
Nitin Sukhija is an associate professor in the department of computer science and director of the Center for Cybersecurity and Advanced Computing (C2AC) at Slippery Rock University of Pennsylvania. His areas of expertise are scientific computing, focusing on performance modeling and on robustness and resilience analysis, and cybersecurity.
Selected Resources
Secure Software Programming Practices and Development blog article
Best Practices and Tools for Secure Scientific Software Development
HPC Best Practices Webinar - Secure Software Programming Practices and Development