This knowledge unit describes techniques for including security considerations throughout the design of software.
Topics
- Derivation of security requirements: Beginning with business, mission, or other objectives, determine what security requirements are necessary to succeed. These may also be derived, or changed, as the software evolves.
- Specification of security requirements: Translate the security requirements into a form that can be used (formal specifications, informal specifications, specifications for testing).
- Software development lifecycle/Security development lifecycle: Include the following examples: waterfall model, agile development and security.
- Programming languages and type-safe languages: Discuss the problems that programming languages introduce, what type-safety does, and why it is important.