Architecture and Design Considerations - Build Security In - US-CERT
Participants in the SwA Forum’s Processes & Practices Working Group collaborated with the Technology & Tools Working Group in developing the material used in this pocket guide with a goal of raising awareness on how to incorporate SwA throughout the Software Development Life Cycle (SDLC).
Information contained in this pocket guide comes primarily from the documents listed in the Resource boxes that appear throughout this pocket guide.
Special thanks to the Department of Homeland Security (DHS) National Cyber Security Division's Software Assurance team, Robert Seacord, and Dan Cornell, who provided much of the support to enable the successful completion of this guide and related SwA documents.
Resources
» “Software Security Assurance: A State-of-the-Art Report” (SOAR), Goertzel, Karen Mercedes, et al., Information Assurance Technology Analysis Center (IATAC) of the DTIC. 31 July 2007.
» “Guide to the Software Engineering Body of Knowledge (SWEBOK).” IEEE Computer Society, 2004.
» “Microsoft Security Development Lifecycle (SDL) – Process Guidance.” Microsoft Developer Network (MSDN).
» “The Ten Best Practices for Secure Software Development”, Mano Paul, (ISC)².
Architecture and Design Considerations for Secure Software