Publication of the Trusted CI Guide to Securing Scientific Software - Trusted CI

This resource first appeared in issue #105 on 16 Jan 2022 and has tags Technical Leadership: Security

The Trusted CyberInfrastructure project has released its report, and now a guide, on securing scientific software and, to some extent, the systems it runs on.

The guide covers the usual topics, but with a specific focus on scientific computing: “social engineering”, classic software exploits such as you’d see on OWASP’s Top 10 (injection attacks, buffer overflows, improper use of permissions, brute force, software supply chain) and network attacks (replays, passwords, sniffing). It also gives guides on training, governance, analysis tools, vulnerability management, and using good cryptography.
