WebApp Sec mailing list archives

Secure software development documents

From: udayan pathak <udayan_pathak () yahoo com>
Date: Mon, 26 Jul 2004 04:18:54 -0700 (PDT)

Hi everyone

I have a query!
 

What are the documentation standards being followed as
far as secure software development is concerned? I
find that in the current software development process
the document generated do not/ barely cover the
security of the application being developed.

All the normal documents for requirement
specification, requirement tracking, high level and
low level design documents etc have nothing more than
a small section in their template format for security,
which looks more like a formality and hardly serves
the purpose.

Especially as far a software testing is concerned one
gets the feeling that the provision for security
testing in test cases gets diluted in the sea of
functionality testing.

Has anyone got any insights into this? or any other
standard being followed ?

Please let me know

 

Udayan Pathak


        
                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail

Current thread:

Secure software development documents udayan pathak (Jul 26)
- Re: Secure software development documents roger . smith (Jul 26)
- <Possible follow-ups>
- RE: Secure software development documents Scovetta, Michael V (Jul 26)
  - RE: Secure software development documents Mark Curphey (Jul 26)
- RE: Secure software development documents Dinis Cruz (Jul 27)
- RE: Secure software development documents Asanka Priyanjitih (Jul 27)