FIVE STEPS TO BUILT-IN
SOFTWARE SECURITY
by George Viegas of Thomson Reuters
"Quality is best built in and not tested out" is a
guiding principle by which all software quality
people abide. Good quality comes from training
developers to write high-quality code. It is built in
by spending time upfront to design and architect the
code correctly. This applies to good security as well.
Security is best built in rather than tested out.
Building security in effectively should consist of five
major milestones:
• Staff security training for secure coding best practices
• Security requirements
• Product design
• Security testing
• Security in the software development life cycle (SDLC)
STAFF SECURITY TRAINING
Making staff aware of basic flaws and well-known
vulnerabilities is the first step in secure code
development. For example, a developer who
understands how a SQL injection attack works is
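The SQL injection flaw the paragraph names can be shown side by side with its fix. The Python below is an added example, not code from the article or from Thomson Reuters; it builds an in-memory SQLite table with constructed sample rows, and the function names are my own. The unsafe lookup splices the caller's value into the query text, so a value containing a quote character changes the query's structure; the hardened lookup binds the value as a parameter, so it is only ever compared as data.

```python
import sqlite3

# Constructed sample data for the demo; not taken from any real system.
SAMPLE_USERS = [("alice", "alice@example.test"), ("bob", "bob@example.test")]


def build_demo_db():
    """Create an in-memory SQLite database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_unsafe(conn, name):
    """Vulnerable form: the caller-supplied value is concatenated into the
    SQL text, so quote characters in it become part of the query itself."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, name):
    """Hardened form: the value is passed as a bound parameter. The database
    driver keeps it separate from the query text, so it cannot alter the
    WHERE clause no matter what characters it contains."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def demo():
    """Run both lookups against an ordinary name and a constructed input
    containing a quote, and return the rows each variant produced."""
    conn = build_demo_db()
    ordinary = "alice"
    # Constructed input: with string concatenation the WHERE clause becomes
    # a tautology and the unsafe query returns every row in the table.
    crafted = "' OR '1'='1"
    return {
        "unsafe_ordinary": lookup_user_unsafe(conn, ordinary),
        "unsafe_crafted": lookup_user_unsafe(conn, crafted),
        "safe_ordinary": lookup_user_safe(conn, ordinary),
        "safe_crafted": lookup_user_safe(conn, crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Running it shows the unsafe variant returning both rows for the crafted input while the parameterized variant returns none; a developer who has seen this contrast knows why the code review check is "no user input in the SQL string" rather than "escape the quotes".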