WebApp Sec mailing list archives
RE: Corsaire White Paper: Secure Development Framework
From: "Flanagan, Kevin" <Kevin.Flanagan () bmwfs com>
Date: Tue, 25 May 2004 16:05:43 -0400
This is a fairly well-written high-level review of the software design process. It leaves out details on introducing security into the business requirements process. Even though security is predominantly a non-functional requirement, I feel that if you are going to ask a development team to design, build, and test something, you should have some fairly specific requirements around how you expect that application to behave. This is even more important if you are going to be outsourcing development. I feel you can save a lot of confusion if you can articulate security requirements for an application before the design even starts.

With that said, does anyone have any good references for building good non-functional security requirements for applications (both web and desktop)? I guess a lot of this can be covered in terms of application development standards that go across any application development, but has anyone successfully implemented security controls (standards, guidelines, etc.) around the requirements process?

-Kevin

-----Original Message-----
From: Glyn Geoghegan [mailto:glyng () corsaire com]
Sent: Tuesday, May 25, 2004 2:30 AM
To: webappsec () securityfocus com
Subject: Corsaire White Paper: Secure Development Framework

Hi all,

Corsaire's latest paper on strategies for producing secure web-applications is now available at:

http://www.corsaire.com/white-papers/

This white paper deals with developing a secure framework, both for internal and outsourced development. Within this context, secure development is considered to be the process of producing reliable, stable, bug and vulnerability free software. This paper focuses on why a secure development framework is needed, touches on its benefits and provides an overview of how organisations can implement such strategies successfully.

A simple software development model is used as an example in the paper, but the theories are expected to be developed and adapted to suit the specific methodologies and goals of any environment.

Regards,

Glyn Geoghegan
www.corsaire.com
+44 (0) 1483 226000