Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering f

Software security requirements engineering is a critical part of the software development lifecycle. This free book chapter explains how to approach requirements engineering for a secure SDLC.

This Content Component encountered an error

As a registered member of SearchSoftwareQuality.com, you're entitled to a complimentary copy of Chapter 3 of Software Security Engineering: A Guide for Project Managers written by Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw and Nancy R. Mead and published by Addison-Wesley Professional. " Requirements Engineering for Secure Software" discusses systematic approaches to security requirements. These approaches take into account the perspective of the potential attacker, through which much greater security coverage is attained.



Software Security Engineering: A Guide for Project Managers

Book description:

Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation.

Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) website. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development lifecycle (SDLC). The book's expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.

This book will help you understand why:

  • Software security is about more than just eliminating vulnerabilities and conducting penetration tests.


  • Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks.


  • Software security initiatives should follow a risk-management approach to identify priorities and to define what is "good enough" -- understanding that software security risks will change throughout the SDLC.


  • Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack.

>> Read Chapter 3: Requirements Engineering for Secure Software.

>> Buy the book




This chapter is excerpted from the book, Software Security Engineering: A Guide for Project Managers, authored by Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw and Nancy R. Mead, published by Addison-Wesley Professional, May 2008. This book is part of both The SEI Series in Software Engineering and The Addison-Wesley Software Security Series. ISBN 9780321509178. For more information please visit SafariBooksOnline.com.
This was first published in May 2008
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSOA

TheServerSide

SearchCloudApplications

SearchAWS

SearchBusinessAnalytics

SearchFinancialApplications

SearchHealthIT

Close