Secure Coding: Building Security into the Software Development Life Cycle

摘要

Many of the security properties that are outlined repeatedly in the newer regulations and standards can easily be side-stepped. Too often the culprits are unsophisticated software development techniques, a lack of security-focused quality assurance, and scarce security training for software developers, software architects, and project managers. To meet future needs, opportunities, and threats associated with information security, security needs to be "baked in" to the overall systems development life-cycle process. Information security and privacy loom ever larger as issues for public and private sector organizations alike today. Govern- ment regulations and industry standards attempt to address these issues. Computer hardware and software providers invest in meeting both regulatory and market demands for information security and privacy. And individual organizations — corporations and government agencies alike — are voicing concern about the problem.