2 Core Software Security
and costs for building security in. At the end of the day, software
security is as much a business decision as it is about avoiding secu-
2. Software security and the software development lifecycle. It is important to know the difference between what are generally known in software development as software security and application security. Although these terms are often used interchangeably, we differentiate between them because we believe there is a distinct difference in managing programs for these two purposes. In our model, software security is about building security into the software through an SDL in an SDLC, whereas application security is about protecting the software and the systems on which it runs after release.
3. Quality versus secure code. Although secure code is not necessarily quality code, and quality code is not necessarily secure code, the development process for producing software is based on the principles of both quality and secure code. You cannot have quality code without security or security without quality, and their attributes complement each other. At a minimum, quality and software security programs should be collaborating closely during the development process; ideally, they should be part of the same organization and both part of the software development engineering department. We will discuss this organizational and operational perspective later in the book.
4. The three most important SDL security goals. At the core of all software security analysis and implementation are three core elements of security: confidentiality, integrity, and availability, also known as the C.I.A. model. To ensure high confidence that the software being developed is secure, these three attributes must be adhered to as key components throughout the SDL.
5. Threat modeling and attack surface validation. The most time-consuming and misunderstood part of the SDL is threat modeling and attack surface validation. In today’s world of Agile development, you must get this right or you will likely fail to make your software secure. Threat modeling and attack surface validation throughout the SDL will maximize your potential to alleviate post-release discovery of security vulnerabilities in your software product. We believe this function to be so important that we have dedicated an SDL section and a separate chapter to this topic.