Applying the SDL Framework to the Real World 257
production is the heart of software development. In some methodologies,
there may be some design work that occurs just before writing, or even as
code is developed. Whatever the approach, there are table-stake tasks that
lie at the very heart of secure development: correctness for security, peer
review, and static analysis (if available).
None of these tasks, by itself, constitutes a silver bullet activity that will deliver secure software. Each task complements the others. Creating a secure and securable architecture, with flows that can be understood and with controllable trust boundaries, enables the software's features to be written into an environment that supports security. A thoughtful security architecture should require those features that will foster secure deployment and usage. Once the architecture supports the required security features, these can be designed from the start rather than attempting to bolt security on after the fact.
Since secure coding is still very much an art, with local language and runtime variations adding to complexity, a strong, real-world SDL operates by "trust but verify." Trust your developers to write secure code. But check that code with multiple, independent, and complementary assurance methods: peer review, static analysis, functional testing, and dynamic analysis of the input paths.
In short, prepare for security, think about how to implement required features, build these, then test the code to make sure that the security features work as intended and that no vulnerabilities have been introduced while coding.
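The following is an added example, not code from the book, showing why the assurance methods named above are complementary rather than interchangeable. It pairs a file-path helper written the "trusted" way with a hardened version, then runs three checks over each: a toy static-analysis rule, a functional test of normal use, and a dynamic test that feeds constructed inputs through the input path. The functional test passes for both versions; only the static rule and the dynamic test reveal that the first version lets a request escape its base directory. The function names, the base directory and the sample inputs are all assumptions made for the illustration.

```python
"""Added example (not from the book): a small 'trust but verify' harness.

Shows that static analysis, functional testing and dynamic analysis of
input paths each catch something the others miss. All names, the base
directory and the inputs below are constructed for illustration.
"""
import ast
import inspect
import os
import textwrap

BASE_DIR = "/srv/app/public"  # constructed deployment root (assumption)

# Constructed inputs for the dynamic check: two benign names that must be
# served, two that must never resolve outside BASE_DIR.
DYNAMIC_INPUTS = [
    "index.html",
    "css/../index.html",
    "../../../etc/passwd",
    "/etc/passwd",
]


def serve_file_v1(base: str, name: str) -> str:
    """'Trusted' implementation: joins the requested name under base.
    os.path.join discards base entirely when name is absolute, and '..'
    segments are never checked, so the result can leave base."""
    return os.path.join(base, name)


def serve_file_v2(base: str, name: str) -> str:
    """Hardened implementation: resolves the path, then verifies that the
    resolved location is still inside the resolved base directory."""
    root = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes base directory")
    return candidate


def static_check(func) -> list:
    """Toy static-analysis rule (constructed, not a real tool): flag any
    function that passes one of its own parameters into a .join() call
    without also calling realpath() or commonpath() somewhere in its body."""
    tree = ast.parse(textwrap.dedent(inspect.getsource(func)))
    findings = []
    for fn in ast.walk(tree):
        if not isinstance(fn, ast.FunctionDef):
            continue
        params = {a.arg for a in fn.args.args}
        attrs_called = set()
        param_reaches_join = False
        for node in ast.walk(fn):
            if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
                attrs_called.add(node.func.attr)
                if node.func.attr == "join":
                    for arg in node.args:
                        if isinstance(arg, ast.Name) and arg.id in params:
                            param_reaches_join = True
        if param_reaches_join and not ({"realpath", "commonpath"} & attrs_called):
            findings.append(f"{fn.name}: parameter reaches join() with no containment check")
    return findings


def functional_test(func) -> bool:
    """Functional test of intended behaviour: a normal request resolves to
    the expected file under the base directory."""
    result = os.path.realpath(func(BASE_DIR, "index.html"))
    return result == os.path.realpath(os.path.join(BASE_DIR, "index.html"))


def dynamic_test(func) -> list:
    """Dynamic analysis of the input path: return the inputs for which the
    function produced a location outside BASE_DIR instead of rejecting them."""
    root = os.path.realpath(BASE_DIR)
    escaped = []
    for name in DYNAMIC_INPUTS:
        try:
            result = os.path.realpath(func(BASE_DIR, name))
        except ValueError:
            continue  # input rejected: the desired outcome for hostile names
        if os.path.commonpath([root, result]) != root:
            escaped.append(name)
    return escaped


def verify(func) -> dict:
    """Run all three complementary checks and report the combined picture."""
    return {
        "static_findings": static_check(func),
        "functional_ok": functional_test(func),
        "dynamic_escapes": dynamic_test(func),
    }


if __name__ == "__main__":
    for f in (serve_file_v1, serve_file_v2):
        print(f.__name__, verify(f))
```

Run stand-alone, the harness reports that both versions pass the functional test, while `serve_file_v1` is flagged by the static rule and lets two of the four constructed inputs resolve outside the base directory; `serve_file_v2` is clean on all three. That is the point of running independent methods: a green functional suite says the feature works, not that it is safe.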
We believe that, ultimately, software security is a problem that people must solve; technology is merely an extension of the human mind.
Relationships, as we will see, are the key to a successful SDL. Obviously,
humans design, write, and test code. Humans must do each of these
things with security in mind in order for the finished product to have all
the attributes that comprise “secure software.” Since execution of each of
the SDL tasks requires intelligent, highly skilled, creative people, it is the
people who execute the SDL who are the most important ingredient. As
we explore each portion of the secure development lifecycle, we will take
note of the approaches that strengthen relationships and provide people
with motivation to produce secure software.
Figure 9.1 illustrates the flow of activities through the SDL:
Architect => Design => Code => Test