Abstract :
The article provides a guide to the major issues involved in the production of secure software, and outlines an approach for ensuring that where it is of benefit, then security can be achieved without risk to overall IT programmes, with expenditure firmly under the control of project management. The approach is sufficiently general to be applicable to bespoke development, product-based approaches, and the addition of security to existing environments
