Category:Software Security

Software Security is the process of placing selected security touchpoints within the software development lifecycle. The first official model to include security within software development was the Capability Maturity Model (CMM), published in 1988 by software engineering pioneer Watts Humphrey of IBM. The CMM used research data collected from DoD contractors in a study performed by the Software Engineering Institute (SEI) at Carnegie Mellon University and funded by the United States military. Humphrey published the results of the CMM research in his book Managing the Software Process.

At present, Software Security activities are easily integrated within Agile development, Waterfall and Prototyping methodologies. Adding security to the delivery pipeline and to planned sprint cycles is now common practice, although the accepted standards are flexible and vary between organizations. Performing Static Analysis (SAST) on source code, performing Dynamic Analysis (DAST) on compiled code, and adding white-box and gray-box assessments to the Quality Assurance process are examples of activities that fall within the Software Security category. Advocacy organizations such as the Open Web Application Security Project (OWASP) and the SANS Institute provide foundational guidelines for software developers and project managers. Historical influencers and proponents of Software Security frameworks include Microsoft with the Security Development Lifecycle (SDL); Software Security pioneer and Cigital-Synopsys founder Gary McGraw with the BSIMM framework and his book Software Security: Building Security In; OWASP with the Software Assurance Maturity Model (SAMM); and the National Institute of Standards and Technology (NIST) with Special Publication SP 800-64.
