Software Security Engineering: A Guide for Project Managers
Saved in:

| Main author: | |
|---|---|
| Format: | Book |
| Language: | eng |
| Subjects: | |
| Online access: | Full text |
Summary:

“This book’s broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle.” —Steve Riley, senior security strategist, Microsoft Corporation

“There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one.” —Ronda Henning, senior scientist-software/security queen, Harris Corporation

Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation.

Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.

This book will help you understand why

- Software security is about more than just eliminating vulnerabilities and conducting penetration tests
- Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks
- Software security initiatives should follow a risk-management approach to identify priorities and to define what is “good enough”—understanding that software security risks will change throughout the SDLC
- Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that