Operational Security in Software Development
Research conducted by CERT, the computer security incident response team based at the Software Engineering Institute (SEI), indicates that writing quality coding is not enough to ensure system security. Operating platforms, supported user devices, interface designs, linkages with legacy systems, source code management, data exchange protocols, and controls for authentication data among system modules all impact operational security. Incomplete security requirements and poorly planned implementations further contribute to security risk. Using both research and a follow-up case study, Carol Woody describes the things you can do in your development and test organizations to improve operational security. She introduces an analysis technique for evaluating operational risks within the development process and offers guidelines for clearly defining testable security requirements. Discover an approach to coordinate security risks among stakeholders to reduce and possibly eliminate high impact operational security failures.
- The attributes of good operational security
- Incorporate verifiable security requirements into software development
- Steps for a security risk analysis of your current and future systems
Upcoming Events
| Apr 28 |
STAREAST Software Testing Conference in Orlando & Online |
| Jun 02 |
AI Con USA Bridging Minds and Machines |
| Sep 22 |
STARWEST Software Testing Conference in Anaheim & Online |
| Oct 13 |
Agile + DevOps USA The Conference for Agile and DevOps Professionals |
