Software Security Essay


-------------------------------------------------
Abstract
This paper describes the need for and the challenges of building secure software, the general principles of secure software development, and the key elements of a secure software life cycle process.
Key Highlights of Term Paper
* Software’s Vulnerability to Attack 
* The Challenge of Building Secure Software 
* Software Assurance 
* General Principles of Secure Software Development 
* What the Software Practitioner Needs to Know 
* Integrating Security into the Software Life Cycle
-------------------------------------------------
Software’s Vulnerability to Attack
What makes it so easy for attackers to target ...

The security of software is threatened at various points throughout its life cycle, both by inadvertent and intentional choices and actions taken by “insiders”—individuals closely affiliated with the organization that is producing, deploying, operating, or maintaining the software, and thus trusted by that organization—and by “outsiders” who have no affiliation with the organization. The software’s security can be threatened:
* during its development: A developer may corrupt the software—intentionally or unintentionally—in ways that will compromise the software’s dependability and trustworthiness when it is operational.
* during its deployment (distribution and installation): If those responsible for distributing the software fail to tamperproof the software before shipping or uploading, or transmit it over easily intercepted communications channels, they leave the software vulnerable to intentional or unintentional corruption. Similarly, if the software’s installer fails to “lock down” the host platform, or configures the software insecurely, the software is left vulnerable to access by attackers.
* during its operation: Once COTS and open source software has gone operational, vulnerabilities may be discovered and publicized; unless security patches and updates are applied and newer supported versions (from which the root causes of vulnerabilities have been eliminated) are adopted, such software will become increasingly vulnerable. Non-commercial software and open source software (OSS) may also be vulnerable, especially as it may manifest untrustworthy behaviours over time due to changes in its environment that stress the software in ways that were not anticipated and simulated during its testing. Any software system that runs on a network-connected platform has its vulnerabilities exposed during its operation. The level of exposure will vary depending on whether the network is public or private, Internet-connected or not, and whether the software’s environment has been configured to minimize its exposure. But even in highly controlled networks and “locked down” environments, the software may be threatened by malicious insiders (users, administrators, etc.).
* during its sustainment: If those responsible for addressing discovered vulnerabilities in released software fail to issue patches or updates in a timely manner, or fail to seek out and eliminate the root causes of the vulnerabilities to prevent their perpetuation in future releases of the software, the software will become increasingly vulnerable to threats over time. Also, the software’s maintainer may prove to be a malicious insider, and may embed malicious code, exploitable flaws, etc., in updated versions of the code.
Both research and real-world experience indicate that correcting weaknesses and vulnerabilities as early as possible in the software’s life cycle is far more cost-effective over the lifetime of the software than developing and releasing frequent security...
