Operational Security in Software Development
Research conducted by CERT, the computer security incident response team based at the Software Engineering Institute (SEI), indicates that writing quality coding is not enough to ensure system security. Operating platforms, supported user devices, interface designs, linkages with legacy systems, source code management, data exchange protocols, and controls for authentication data among system modules all impact operational security. Incomplete security requirements and poorly planned implementations further contribute to security risk. Using both research and a follow-up case study, Carol Woody describes the things you can do in your development and test organizations to improve operational security. She introduces an analysis technique for evaluating operational risks within the development process and offers guidelines for clearly defining testable security requirements. Discover an approach to coordinate security risks among stakeholders to reduce and possibly eliminate high impact operational security failures.
- The attributes of good operational security
- Incorporate verifiable security requirements into software development
- Steps for a security risk analysis of your current and future systems