Secure Software Development
Abstract 1
Most security vulnerabilities result from defects that are unintentionally introduced in the software during design and development. Therefore, to significantly reduce software vulnerabilities, the overall defect content of software must be reduced. Defect reduction is a pre-requisite for secure software development, but it is not enough. Security must also be deeply integrated into the full software development life cycle (SDLC).
What can be done to reduce defects in software, and thus reduce vulnerabilities in software? Two things must be done: defects must be managed throughout the software development life cycle, and security must be addressed throughout the software development life cycle.
Since common software defects are a leading cause of vulnerabilities, the overall defect content of software must be reduced. Next, security must be systematically addressed throughout the software development life cycle. There must be a shift in attitude from “bolting security on” after the fact to “building security in” as the product is being developed. This requires that good software engineering practices are followed while the software is being developed, including multiple defect removal activities.
Abstract 2
Today's development organizations are faced with the traditional time-to-market and cost pressures that make them hesitant to introduce new processes into the software development lifecycle. Software development is a professional discipline and, in many respects, the process is more important than the software tools employed.
Software is the circulatory system of the global economy. It manages our financial transactions, it tracks the products in our ports' shipping containers, and it monitors a sick person's vital signs and a lot more. Much of the software we have today is not worthy of being part of that circulatory system. Software today has enough imperfections to create a tremendous amount of security vulnerabilities, and with those vulnerabilities come risks to the stability of our global economy and threats to individual companies that comprise it. Fortunately, many amazingly talented people understand and care about the underlying problems that plague the software industry, and are focused on improving the odds. While it is clear that there is no silver bullet, the progress many of these experts have made in understanding the problem is tremendous. Even more encouraging is seeing some more progressive individuals and organizations already bringing the required solutions to market.
Meaningful improvements in application security can be achieved via better security practices in the development lifecycle. This is only likely to happen when the security teams understand and support the process-oriented needs of development…
Author: Essay Vault