Home > Software Quality Tips > Software Quality Book Excerpts > Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software
Software Quality Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

SOFTWARE QUALITY BOOK EXCERPTS

Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software


Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw and Nancy R. Mead
05.20.2008
Rating: --- (out of 5)


Software quality news and advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



As a registered member of SearchSoftwareQuality.com, you're entitled to a complimentary copy of Chapter 3 of Software Security Engineering: A Guide for Project Managers written by Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw and Nancy R. Mead and published by Addison-Wesley Professional. "Requirements Engineering for Secure Software" discusses systematic approaches to security requirements. These approaches take into account the perspective of the potential attacker, through which much greater security coverage is attained.


Software Security Engineering: A Guide for Project Managers

Book description:

Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation.

Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) website. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development lifecycle (SDLC). The book's expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.

This book will help you understand why:

  • Software security is about more than just eliminating vulnerabilities and conducting penetration tests.


  • Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks.


  • Software security initiatives should follow a risk-management approach to identify priorities and to define what is "good enough" -- understanding that software security risks will change throughout the SDLC.


  • Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack.

>> Read Chapter 3: Requirements Engineering for Secure Software.

>> Buy the book



This chapter is excerpted from the book, Software Security Engineering: A Guide for Project Managers, authored by Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw and Nancy R. Mead, published by Addison-Wesley Professional, May 2008. This book is part of both The SEI Series in Software Engineering and The Addison-Wesley Software Security Series. ISBN 9780321509178. For more information please visit SafariBooksOnline.com.

Rate this Tip
To rate tips, you must be a member of SearchSoftwareQuality.com.
Register now to start rating these tips. Log in if you are already a member.




Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Software Quality Book Excerpts
Perfect Software, Ch. 8: What Makes a Good Test
Seven Steps to Mastering Business Analysis, Ch. 1
Clean Code: A Handbook of Agile Software Craftsmanship, Chapter 1 -- What Is Clean Code?
The Software Project Manager's Bridge to Agility: Chapter 5, Scope Management
Requirements Management Using IBM Rational RequisitePro: Chapter 1, Requirements Management
Implementing ITIL Configuration Management: Chapter 3, Determining Scope, Span and Granularity
Agile Software Development: The Cooperative Game, 2nd Edition -- Chapter 3, Communicating, Cooperating Teams
Inherent Quality Simplicity, Section V: The Evolution
Managing the Test People, Chapter 6: Keeping Your Beast Effective
Mastering the Requirements Process, 2nd Edition: Chapter 2, The Requirements Process

Application Security Book Excerpts
Cybersecurity czar candidate questions clout of new position
Commonly-overlooked security flaws in rich Internet applications
Common mistakes in real-time Java programming
Web Security Testing Cookbook sample recipe
Fuzzing for Software Security Testing and Quality Assurance: Chapter 3, Testing for Quality
InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory
Google Hacking for Penetration Testers, Volume 2: Chapter 6, Locating Exploits and Finding Targets
Ajax Security -- Chapter 6, Transparency in Ajax Applications
Fuzzing: Brute Force Vulnerability Discovery -- Chapter 12, Fuzzing Frameworks
Cross Site Scripting Attacks: XSS Exploits and Defense -- Chapter 5, Advanced XSS Attack Vectors

Building security into the SDLC (Software development life cycle)
Problems caused by skipping analysis stage of SDLC
Inexpensive phase of SDLC to catch and fix bugs
GatherSpace beefs up cloud-based requirements management
ALM: Best of breed vs. complete systems
Software development life cycle phases, iterations, explained step by step
The role of quality assurance (QA) pros in software security
Common software security risks and oversights
Why the quality assurance department should be involved in testing
How to develop secure applications
Secure software development practices 'not rocket science'

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Software Design & Testing - Project Management
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts