How to Start a Secure Software Development Program Part 1: The Evolution of Secure Software Development

Abstract

Software security is the activity of trying to make software behave under intentional malicious attack. And so, we already have a problem, as most software professionals know, just trying to make software work in normal day-to-day circumstances without adding in malicious attackers. When you add malicious attackers to the equation, things get a little trickier. I think what happened in terms of business, especially in the financial services arena, is that Sarbanes-Oxley caused public companies to realize how much exposure they have on the software risk front. And they started asking questions about "where all this software came from," and the answer was "they built it themselves." "And how many developers they had on staff," and the answer was "sometimes tens of thousands." And this notion of trying to get a handle on software risk, in order to get a handle on business risk, was what really drove financial services.

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2008
Accession Number
AD1147225

Entities

People

  • Gary McGraw
  • Julia H. Allen

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Best Practices
  • Commerce
  • Computer Network Security
  • Computer Programming
  • Computer Programs
  • Copyrights
  • Cycles
  • Engineering
  • Homeland Security
  • Leadership
  • Life Cycles
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Software Development
  • Training
  • Universities
  • Web Applications

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Economics