Software is essential and pervasive in the modern world, but software acquisition, development, operation, and maintenance can involve substantial risk, allowing attackers to compromise millions of computers every year. This groundbreaking text provides a uniquely comprehensive guide to software security, ranging far beyond secure coding to outline rigorous processes and practices for managing system and software lifecycle operations. The text opens with a comprehensive guide to the software lifecycle, covering all elements, activities, and practices encompassed by the universally accepted ISO/IEEE 12207-2008 standard. The authors then proceed to document proven management architecture and process framework models for software assurance, such as ISO 21827 (SSE-CMM), CERT-RMM, the Software Assurance Maturity Model, and NIST 800-53. Within these models, the authors present standards and practices related to key activities such as threat and risk evaluation, assurance cases, and adversarial testing. Ideal for new and experienced cybersecurity professionals alike in both the public and private sectors, this one-of-a-kind text prepares readers to create and manage coherent, practical, cost-effective operations to ensure defect-free systems and software.
Table of Contents
1. Lifecycle Management.
2. The Agreement Processes.
3. Organizational Project Enabling Processes.
4. Project Processes.
5. Technical Processes.
6. Software Implementation Process Group.
7. Software Supporting Processes and Software Reuse.
8. Standard Process Models to Secure Information and Communications Technology.
9. The Systems Security Engineering Capability Maturity Model (ISO 21827).
10. Software Assurance Maturity Model.
11. Building Security In Maturity Model.
12. Aligning the ICT Organization with Regulatory Requirements.