Security (9/10)


Security for the software engineering, like safety for the civil engineer, is the most important part of the job. Although the software team and hardware team are the implementers of secure projects, the software engineer with their overall vision has to be the driver for insuring that the discipline of security is observed.

Getting up to speed on security

To get up to speed with security, these webcasts are excellent resources, they were selected for general information about system level considerations down to software security issues such as the buffer overflow:

Virtual Hands on Labs that focus on security

To do this software engineers need to have some hands on training in security, there are many books and websites that describe how to do security, but getting experience can be difficult. These virtual hands on labs are great ways to better understand the process of securing software:

Securing software and hardware projects is difficult. This section is short on word, in hopes that you will use the webcasts, which are about one hour in length, and work through the hands-on-labs which take about 90 minutes each. Once you have a general idea of what security is, mainly by viewing the webcasts and virtual hands-on-labs, you will need to create a security plan.

Security Plan [x]

The Security Plan describes how the solution will be brought to acceptable security levels in order to operate successfully. This plan describes what security threats will exist and how implementing security standards will mitigate those.

The Security Plan will identify development, test, and deployment activities that will design, build, and implement a secure solution. Those activities will be incorporated into the teams’ plans and increase customer confidence that the solution will meet with security expectations. The process of developing the Security Plan produces a series of security standards intended to reduce the security risks to an acceptable level. Before these security standards can be implemented, the customer should decide whether the implementation costs of the measures aligns with risk reduction, and whether the risks are reduced to an acceptable level.






[vi] Writing secure code HOL:




[x] Security Plan.doc; MSF Process Template for CMMI Process Improvement - v4.1;; 8/2007