tspsymposium2014

The software development life cycle presents a wide array of attack vectors for malicious insiders. The software produced, and its associated artifacts, are assets that an organization must protect. The data collected by or entered into software can be the target of theft, tampering, and other types of malicious activity. The business processes automated by software can be severely impacted when software is faulty or services are unavailable. Through the CERT Division's insider threat research, we have collected numerous cases in which insiders exploited vulnerabilities in software development processes to cause harm to their organizations. In this presentation, we discuss patterns and trends in these cases, focusing on similarities in attack techniques, targets, and motivations. We also present mitigation strategies for commonly exploited vulnerabilities and make the case for the creation of a secure software development process as a critical piece of a robust insider threat program.