CrossTalk: The Journal of Defense Software Engineering. Volume 18, Number 10

Engineering Security Into the Software Development Life Cycle, by Gary M. McGraw and Nancy R. Mead -- The Build Security In Software Assurance Initiative promotes less vulnerable software with security built in from the start. Creating a Software Assurance Body of Knowledge, by Samuel T. Redwine Jr. -- This article presents an initiative to assemble the knowledge to acquire, develop, and sustain secure software with functionality. Designing for Disaster: Building Survivable Information Systems, by Ronda R. Henning -- Designing survivability measures into an information system from the start allows continued operations through failure scenarios. Sixteen Standards-Based Practices for Safety and Security, by Dr. Linda Ibrahim -- The 16 practices presented in this article help establish a safety and security capability, identify and manage risks, and assure product safety and security throughout the life cycle. The Information Technology Security Arms Race, by Dr. Steven Hofmeyr -- This author discusses how an intrusion prevention system can fill the need for new technology defenses to protect against new information attack technologies. The MILS Architecture for a Secure Global Information Grid, by Dr. W. Scott Harrison, Dr. Nadine Hanebutte, Dr. Paul W. Oman, and Dr. Jim Alves-Foss -- With the Multiple Independent Levels of Security safety architecture, guards act to filter and enforce information flow, allowing large systems to have partitions small enough to verify. Application Security: Protecting the Soft Chewy Center, by Alec Main -- Application security is rising up to protect from the inside out by implementing defensive techniques into top-level applications and data.