Software Development and Quality Assurance

Pascal Meunier, Purdue University


Metaissues in Software Development

Software Development Models

Capability Maturity Models


Requirements and Design


Secure Design Principles

Best Practices


Quality Assurance in Coding and Testing

Coding Style

Secure Programming

Code Reviews




Cross References



This chapter, which has for its title the subject of many books, focuses on current observations, practices, considerations, and techniques that appear most effective in producing secure and trustworthy software. This chapter does not address related software engineering issues, such as obtaining predictions of release readiness, software quality metrics and quality models, or modularization and layer models. With reference to the Common Criteria EALs (evaluation assurance levels), the content is appropriate for low- and medium-assurance software projects (EALs 1–4). Because commercial, off-the-shelf software (COTS) rarely reaches EAL 4, this chapter is relevant for most COTS projects. Another chapter in this handbook focuses on high-assurance efforts (EALs 5–7).

The current state of COTS is grim. The ICAT vulnerability database contains more than 6,600 vulnerability entries (as of May 2004). Crackers think that they are clever for finding them and releasing exploits. Spam e-mail marketing, after getting banned and pursed away from ...

Get Handbook of Information Security: Information Warfare, Social, Legal, and International Issues and Security Foundations, Volume 2 now with O’Reilly online learning.