DocumentCode
1286789
Title
Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities
Author
Diamant, John
Author_Institution
Hewlett-Packard
Volume
9
Issue
4
fYear
2011
Firstpage
80
Lastpage
84
Abstract
The software industry would benefit from more emphasis on avoiding security mistakes in the first place. That means security requirements analysis and architecting and designing security in, an approach that's currently rare but that provides substantial benefits. The most common approaches to the latent (generally called 0-day) vulnerability problem fall into one of two categories: (1) do nothing: wait for vulnerabilities to be discovered after release, and then patch them; or (2) test security in: implement code with vulnerabilities, and invest in finding or removing as many vulnerabilities as practical before release or production.
Keywords
DP industry; security of data; security architecture; security mistakes; security requirements analysis; software industry; vulnerabilities; Computer architecture; Computer security; Investments; Product life cycle management; Software development; 0-day; HP Comprehensive Applications Threat Analysis; W. Edwards Deming; architectural threat analysis; dynamic application security testing; security and privacy; security quality; security requirements gap analysis; security vulnerabilities; software development; static application security testing; zero day;
fLanguage
English
Journal_Title
Security & Privacy, IEEE
Publisher
ieee
ISSN
1540-7993
Type
jour
DOI
10.1109/MSP.2011.88
Filename
5968094