WebApp Sec mailing list archives
RE: Corsaire White Paper: Secure Development Framework
From: "James Burnham" <james.burnham () neurealization com>
Date: Tue, 25 May 2004 19:52:14 -0700
A significant set of security concerns are more appropriately considered functional requirements (as opposed to non-functional), in particular Authentication/Authorization/Accounting. Including Authentication/Authorization/Accounting in functional requirements (not just a separate 'security' section) will help insure security concerns are addressed in overall system design. Adding these areas as non-functional requirements tends to lead to missing details in relation to specific functions, data, rights, etc. - James __________________________________ -----Original Message----- From: Flanagan, Kevin [mailto:Kevin.Flanagan () bmwfs com] Sent: Tuesday, May 25, 2004 1:06 PM To: 'Glyn Geoghegan'; webappsec () securityfocus com Subject: RE: Corsaire White Paper: Secure Development Framework ...Even though security is predominantly a non-functional requirement... With that said, does anyone have any good references for building good non-functional security requirements for applications (both web and desktop)... -Kevin
Current thread:
- Corsaire White Paper: Secure Development Framework Glyn Geoghegan (May 25)
- <Possible follow-ups>
- RE: Corsaire White Paper: Secure Development Framework Flanagan, Kevin (May 25)
- RE: Corsaire White Paper: Secure Development Framework Glyn Geoghegan (May 26)
- RE: Corsaire White Paper: Secure Development Framework James Burnham (May 26)