Design and Development (A3): SDL Activities and Best Practices 149
general idea of what security looks like and can avoid failure in this area
by incorporating the long-accepted properties of confidentiality, integrity,
and availability into the design principles. There are of course different
views of security, from that of a software developer, who may think of
security primarily in terms of quality; to that of a network administra-
tor, who may think of security in terms of firewalls, IDS/IPS systems,
incident response, and system management; or even those of managers
and academics, who may think of security mostly in terms of the classic
design principles described above or in terms of various security models.
All these viewpoints are important in building secure systems and relevant
to modeling the overall threat to your software. You must stay focused on
the ultimate prize when designing security in: the potential exploitation
of the software you are developing.
Detailed design artifacts are used to build each software component
needed to satisfy the use case requirements required to effectively design
your software for security. A thorough analysis of each software artifact
for possible vulnerabilities is conducted for every feature, property, and
service that exists in every component. As a result of analyzing each soft-
ware component for the use cases and in misuse case scenarios identified
through the processes described in Chapter 4, developers will be able to
design appropriate countermeasures up front and transparently, so that
the entire team is able to see how software security is being handled in the
application. As a result, the use case concepts can be converted to actual
software requirement specifications. As the developers review the specific
application software they are developing, they should also assess any vul-
nerabilities found in the associated ecosystem it will support, including
its network, architecture, and supporting software. It is also important
for the development security team to stay current with the latest vulner-
abilities that may affect your specific software and associated ecosystem,
both pre- and post-release, to prepare for new potential planes of attack
previously unknown or discovered, both internally and externally. It will
be much easier and less expensive to fix or develop a countermeasure to
an identified risk as the software is being designed and developed than
after it is released. Although the secure design of the code is critical and
of upmost importance, mistakes will be made, new attack methodologies
will be discovered and will continue to drive the need to research and
assess new methods of attack and vulnerabilities long after the product has
shipped and likely until it reaches end of life. This of course is why it is so
important to minimize the attack surface through the methods described