16 Core Software Security
outline a model for mapping SDL best practices to the software development lifecycle and how you can use this to build a mature SDL program.
Although security is not a natural component of the way industry has been building software in recent years, we believe that security improvements to development processes are possible, practical, and essential, and we trust that the software security best practices and model presented in this book will make this clear to every reader, whether you are an executive, manager, or practitioner.