Abstract:
The software industry would benefit from more emphasis on avoiding security mistakes in the first place. That means security requirements analysis and architecting and designing security in, an approach that's currently rare but that provides substantial benefits. The most common approaches to the latent (generally called 0-day) vulnerability problem fall into one of two categories: (1) Do nothing: wait for vulnerabilities to be discovered after release, and then patch them. (2) Test security in: implement code with vulnerabilities, and invest in finding or removing as many vulnerabilities as practical before release or production.
Keywords:
DP industry; security of data; security architecture; security mistakes; security requirements analysis; software industry; vulnerabilities; computer architecture; computer security; investments; product life cycle management; software development; 0-day; HP Comprehensive Applications Threat Analysis; W. Edwards Deming; architectural threat analysis; dynamic application security testing; security and privacy; security quality; security requirements gap analysis; security vulnerabilities; static application security testing; zero day