Why Secure Coding is not Enough: Professionals’ Perspective
This paper outlines basic concepts the software community must consider if they are to develop applications and software that is secure. In particular it explains why the common practice of depending on secure coding mechanisms are not enough. Beginning with the drivers for more secure applications and software, and why it is now becoming such an issue, if not a new issue, it examines the problem in terms of why software and applications are delivered without security built in to them and goes on to discuss what we should be doing about it and how we need to go about it, sharing insights that have recently been accumulated by the new and growing community of Certified Secure Software Development Lifecycle professionals.
KeywordsSecurity Requirement Security Control Privacy Requirement Secure Software Development Life Cycle
Unable to display preview. Download preview PDF.
- Paul, Mano CISSP, MCAD, MCSD, Network+, ECSA, Software Assurance Advisor, (ISC) 2 Whitepaper: The Need for Secure Software, (ISC), 2008Google Scholar
- Paul, Mano CISSP, MCAD, MCSD, Network+, ECSA, Software Assurance Advisor, (ISC) 2 Whitepaper: Ten Best Practices for Secure Software Development Google Scholar