2014 | ISBN-10: 1466560959 | 416 pages | PDF | 5,6 MB
There is much publicity regarding network security, but the real cyber Achilles’ heel is insecure software. Millions of software vulnerabilities create a cyber house of cards, in which we conduct our digital lives. In response, security people build ever more elaborate cyber fortresses to protect this vulnerable software. Despite their efforts, cyber fortifications consistently fail to protect our digital treasures. Why? The security industry has failed to engage fully with the creative, innovative people who write software.
Core Software Security expounds developer-centric software security, a holistic process to engage creativity for security. As long as software is developed by humans, it requires the human element to fix it. Developer-centric security is not only feasible but also cost effective and operationally relevant. The methodology builds security into software development, which lies at the heart of our cyber infrastructure. Whatever development method is employed, software must be secured at the source.
Supplies a practitioner's view of the SDL
Considers Agile as a security enabler
Covers the privacy elements in an SDL
Outlines a holistic business-savvy SDL framework that includes people, process, and technology
Highlights the key success factors, deliverables, and metrics for each phase of the SDL
Examines cost efficiencies, optimized performance, and organizational structure of a developer-centric software security program and PSIRT
Includes a chapter by noted security architect Brook Schoenfield who shares his insights and experiences in applying the book’s SDL framework