Abstract

This chapter introduces Domain 8 of the CISSP®, Software Development Security. The most important aspects of this domain are related to managing the development of software and applications. Approaches to software development that attempt to reduce the likelihood of defects or flaws are a key topic in this domain. In particular, the Waterfall, Spiral, and Rapid Application Development (RAD) models of software development are considered. Another significant portion of this chapter is dedicated to understanding the principles of Object-Oriented programming and design. A basic discussion of several types of software vulnerabilities and the issues surrounding disclosure of the vulnerabilities ...