Building more secure software with improved development processes

被引：24

作者：

Howard, M

机构：

来源：

IEEE SECURITY & PRIVACY | 2004年 / 2卷 / 06期

关键词：

D O I：

10.1109/MSP.2004.95

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Various aspects to be considered by software developers, while integrating security into software development process to build more secure software are discussed. A central security team defines process requirements and defines and build tools to perform code and design reviews and also provides education for the software development staff. A secure design principles such as least privilege, reduced attack profile, simplicity, fail-closed defaults alo offers good design concepts. The response process also helps the product and security teams to adapt development processes to prevent similar errors from appearing in the future.

引用

页码：63 / 65

页数：3

共 9 条

[1]

[Anonymous], PROCESSES PRODUCE SE

[2]

HOWARD M, 2003, MSDN MAGAZINE NOV

[3]

LeBlanc M., 2002, WRITING SECURE CODE, V2nd

[4] Software security [J].

McGraw, G .

IEEE SECURITY & PRIVACY, 2004, 2 (02) :80-83

[5]

SALTZER J, 2000, SALTZERS SCHROEDERS

[6]

SALTZER J, 1975, PROTECTION INFORMATI

[7]

Swiderski F., 2003, THREAT MODELING

[8]

Viega J., 2003, Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation and More

[9]

Viega J., 2001, BUILDING SECURE SOFT

← 1 →