
Software Security Engineering Takeaways

Requirements
• 20% of program code accounts for 80% of defects
• Error-prone code may cost up to 4X as much to develop
• Reworking defective requirements, design, and code typically accounts for 40% to 50% of the total cost of software development
• Each hour an organization spends on defect prevention reduces repair time in production by 3 to 10 hours
• In the worst case, reworking a software requirements problem once the software is in operation typically costs 50 to 200 times what it would take to rework during the requirements phase
  o A one-sentence requirement could expand to 5 pages of design diagrams, thousands of lines of code, dozens of test cases, etc.
• Approximately 60% of all defects usually exist by design time
  o Meaning: Requirements are where most defects are born
• If an issue costs $1 to resolve during design, it grows to $60 to $100 after release

 

Security
• Achieving an adequate level of security—must define adequate
  o What is the value we must protect?
  o To sustain this value, which assets must be protected?
  o Why must these assets be protected?
• Software Assurance
  o Trustworthiness
  o Predictable Execution
  o Conformance
• Core Properties of Secure Software
  o Confidentiality
    ▪ Any characteristic of the software is obscured or hidden from unauthorized entities
  o Integrity
    ▪ The software and its managed assets must be resistant and resilient to subversion by unauthorized entities and to unauthorized modifications made by authorized entities
  o Availability
    ▪ The software must be operational and accessible to its intended authorized users whenever needed, and at the same time remain inaccessible to those entities deemed unauthorized
  o Accountability
    ▪ All security-relevant actions of the user must be recorded and tracked
  o Non-repudiation
    ▪ All actions performed by the user must be documented in a way that the user cannot disprove or deny responsibility for their actions
  o Influential Properties of Secure Software
    ▪ Dependability
    ▪ Correctness
    ▪ Predictability
    ▪ Reliability
    ▪ Safety
  o Further Influences on the Properties of Secure Software
    ▪ Size
    ▪ Complexity
    ▪ Traceability


				
posted:8/9/2009
language:English
pages:2
Description: Security isn't a feature, it is an engineering discipline that stands on its own