WebApp Sec mailing list archives

RE: Corsaire White Paper: Secure Development Framework


From: "James Burnham" <james.burnham () neurealization com>
Date: Tue, 25 May 2004 19:52:14 -0700

A significant set of security concerns are more appropriately considered
functional requirements (as opposed to non-functional), in particular
Authentication/Authorization/Accounting. Including
Authentication/Authorization/Accounting in functional requirements (not
just a separate 'security' section) will help ensure security concerns
are addressed in overall system design. Adding these areas as
non-functional requirements tends to lead to missing details in relation
to specific functions, data, rights, etc. 

- James

__________________________________

-----Original Message-----
From: Flanagan, Kevin [mailto:Kevin.Flanagan () bmwfs com] 
Sent: Tuesday, May 25, 2004 1:06 PM
To: 'Glyn Geoghegan'; webappsec () securityfocus com
Subject: RE: Corsaire White Paper: Secure Development Framework

...Even though security is predominantly a non-functional requirement...


With that said, does anyone have any good references for building good
non-functional security requirements for applications (both web and
desktop)...

-Kevin




