Software Security: Building Security In | IEEE Conference Publication | IEEE Xplore

Software Security: Building Security In


Abstract:

Summary form only given. Software security has come a long way in the last few years, but we've really only just begun. I will present a detailed approach to getting past theory and putting software security into practice. The three pillars of software security are applied risk management, software security best practices (which I call touchpoints), and knowledge. By describing a manageably small set of touchpoints based around the software artifacts that you already produce, I avoid religious warfare over process and get on with the business of software security. That means you can adopt the touchpoints without radically changing the way you work. The touchpoints I will describe include: code review using static analysis tools; architectural risk analysis; penetration testing; security testing; abuse case development; and security requirements. Like the yin and the yang, software security requires a careful balance - attack and defense, exploiting and designing, breaking and building - bound into a coherent package. Create your own Security Development Lifecycle by enhancing your existing software development lifecycle with the touchpoints.
Date of Conference: 07-10 November 2006
Date Added to IEEE Xplore: 11 December 2006
Print ISBN: 0-7695-2684-5

Conference Location: Raleigh, NC, USA
