Monday 19 October at 6 for 6:15pm start.

We met online, instead of meeting at the Shed.

The meeting started with the Australian Delphi User Group Annual General Meeting. The AGM went for about 30 minutes.

Then Sue King talked about code security: processes that can help in developing software that is secure against vulnerabilities, as well as keeping the code itself secure. The talk was based around the white paper ‘Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework’, published by the US National Institute of Standards and Technology.

The presentation covered areas such as system planning, coding practices, testing, static analysis, security of code repositories, toolchains, automation, authentication, logging, and bug tracking. It stimulated a lot of discussion about security and development methodologies.

A recording of Sue’s presentation is available at
https://www.youtube.com/watch?v=BU86h4PrITo
The recording includes the discussion that followed, which got a bit off topic at times.

Links:
The white paper:
https://csrc.nist.gov/publications/detail/white-paper/2020/04/23/mitigating-risk-of-software-vulnerabilities-with-ssdf/final

NIST: Special Publication 800-63B Digital Identity Guidelines: Authentication and Lifecycle Management
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
https://www.sans.org/security-awareness-training/blog/time-password-expiration-die

Two links mentioned in the discussion:
OWASP Top Ten: https://owasp.org/www-project-top-ten/
An article about mobile development:
http://www.eng.uwaterloo.ca/~erick/watitis-development.pdf

Venue: The comfort of your own home.