Building Security Into The Software Life Cycle, A Business Case presented at Blackhat USA 2005

by Marco M. Morana

Tags: Security Business

Summary: The times of designing security software as a matter of functional design are over. Positive security functional requirements alone do not make secure software. Think risk-driven design, think like an attacker, and think about negative scenarios during the early stages of application development: from misuse and abuse cases during inception, to threats, vulnerabilities and countermeasures during elaboration, to secure coding during construction, and to secure testing and penetration testing during the transition to production. The objective of this short turbo talk is not to cover the academics of secure software, but to present a business case in which software security practices and methodologies have been successfully built into the software produced by a very large financial institution. Both strategic and tactical approaches to software security are presented, along with the artifacts that support a secure software development methodology. The critical link between technical and business risk management is proven, together with the business factors that drive the case for building secure software in a financial organization.