Software Security Engineering: A Guide for Project Managers - Softcover

Synopsis

Software developed with security in mind can be counted on to more effectively resist, tolerate, and recover from attacks. However, no single software development practice offers a silver bullet for software security. Software Security A Guide for Project Managers provides readers with a set of sound practices they can selectively adopt to increase the security and dependability of software, both during its development and its operation. The book draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other knowledge to help project managers address security issues in every phase of the software development life cycle (SDLC). This book’s expert authors are not only frequent contributors to the BSI site, but are also senior staff from the Carnegie Mellon Software Engineering Institute (SEI) and Cigital. This book will help you understand why Software security is about more than just eliminating vulnerabilities and conducting penetration tests Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks Software security initiatives should follow a risk-management approach to identify priorities and what is “good enough”–understanding that software security risks will change throughout the SDLC Developing secure software depends on understanding the operational context in which it will be used Project managers and software engineers need to learn to think like an attacker in order to address the range of things that software should not do, and how software can better resist, tolerate, and recover when under attack Whether you are a project manager, lead requirements analyst, software architect, or systems integrator, you will learn how to manage secure, software-intensive systems–whether those systems are developed from scratch or through acquired or reused software. You’ll also come away with the tools you need to identify and compare potential new practices that can be adapted to augment your current practices.

"synopsis" may belong to another edition of this title.