Chapter 9. Software development security

This chapter builds on Chapter 5 by detailing the software component, based on the premise that “subjects use computers and programs (software) to access objects.” To secure valuable information assets properly, the entire path between the subject and the object must be secure, and the path through the computer and its applications must be trusted not to be the source of a security breach. If this path cannot be trusted, the breach will likely occur here, and none of the other security controls will help protect the assets.

This chapter describes the ways software introduces vulnerabilities into information systems, the way applications are developed, and the various techniques that are used in the effort ...
