DESIGNING SECURITY INTO SOFTWARE DURING THE DEVELOPMENT LIFECYCLE

摘要

Systems, methods, and computer program products are provided for a comprehensive software security system. The overarching software security system described and claimed herein provides for a system that address all of the concerns and vulnerabilities present at the design level (i.e., new software applications) and the production level (i.e., pre-existing software applications) associated with software. Additionally, the system governs the individual security processes and practices. The software security system defines specific security practices and the timing for application of the practices within the overall software development lifecycle. Additionally, the disclosed software security system takes advantage of role specialization, such as security specialization, to increase effectiveness and limit conflicts of interest within the design process.