State of the systems security.

Software-intensive systems are increasingly pervading our everyday lives. As they get more and more connected, this opens them up to far-reaching cyber attacks. Moreover, a recent study by the U.S. Department of Homeland Security shows that more than 90% of current cyber-attacks are enabled not by faulty crypto, networks or hardware but by application-level implementation vulnerabilities. I argue that those problems can only be resolved by the widespread introduction of a secure software development lifecycle (SDLC). In this technical briefing I explain where secure engineering currently fails in practice, and what software engineers can do if they want to make a positive impact in the field. I will do so by explaining major open challenges in the field, but also by resorting to success stories from the introduction of SDLCs in industry.