Software Security

2:30-3:30, Wed. 24 April
Johannes Sametinger (Johannes Kepler University)
Target Audience: Software engineers, programmers, software project managers, software administrators

The importance of IT security is beyond doubt. Data, computer and network security are essential for any business or organization. Software security, however, all too often remains out of focus, both from a developer's and from a user's point of view. As a motivation, we will first consider various current security issues taken from the media and point out where software security has played a significant role. We will then present a thorough introduction to software security. We will differentiate software security from IT security, network security, computer security, and also from software safety. Prominent examples of software security bugs are buffer overflows, SQL injection and cross-site scripting. We explain the basic ideas behind such vulnerabilities, give recent examples where these bugs have occurred, and describe the damage they have caused. Next, we will differentiate security bugs from security flaws and again give recent examples.

Mitigation issues will be viewed from two different perspectives: the developer’s point of view and the end-user’s point of view. What does it take to develop secure software? For developers, we will introduce the security touch points, the security development life-cycle, and issues of secure coding. For end-users, we will present a recent case study that demonstrates the importance of software updates. However, technical aspects are not sufficient to guarantee security. A real-world example will remind us that humans remain the weakest link in the security chain.

About the Speaker

Johannes Sametinger is a professor in the department of information systems at the Johannes Kepler University Linz in Austria. He teaches courses in algorithms, data structures, programming, software engineering, service engineering and software security. His research interests include many aspects of software engineering, with an emphasis on software security. Dr. Sametinger received a Dr. techn. in computer science from the Johannes Kepler University Linz. He worked with Siemens in Germany and was a visiting researcher and guest professor in the U.S. (Texas A&M University, Brown University), in Canada (University of Toronto, Université de Montréal), as well as in Germany (University of Regensburg). He is a longtime member of IEEE and ACM, and has published 50+ scientific papers on various aspects of software engineering. Contact him at johannes.sametinger@jku.at.