Title :
Adopting a software security improvement program
Author :
Taylor, D. ; McGraw, Gary
Author_Institution :
Cigital
Abstract :
Leading software shops (including Microsoft) are working hard to improve the way they build security into their products. Software security initiatives have proven beneficial for those organizations that have implemented them. Such initiatives involve the adoption and rollout of various types of best practices. The article describes an approach that works, with an emphasis on business process engineering that might be unfamiliar to technical practitioners. By following some commonsense steps, a software security improvement program has a greater chance of achieving its ultimate goal: software security that makes business sense.
Keywords :
business process re-engineering; safety-critical software; security of data; best practices; business process engineering; software security improvement program; software shops; Best practices; Computer security; Cultural differences; Life testing; Privacy; Programming; Risk analysis; Software measurement; Software testing; Software tools; software development life cycle
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2005.60