6. SOFTWARE DEVELOPMENT AND LIFE CYCLE - Information Security Management Principles

6 SOFTWARE DEVELOPMENT AND LIFE CYCLE

In this chapter we discuss security issues that arise from the development, testing and implementation of new software. The ongoing life cycle of software is also a concern and is addressed here.

The reader should gain an understanding of the importance and appropriate audit and review processes, and of effective change control and configuration management. They will learn about the differences in security between open source and propriety solutions, commercial off-the-shelf software and bespoke systems, and certified and non-certified systems. They will also learn about some of the techniques involved in reducing the security risks in the development of code.

TESTING, AUDIT AND REVIEW

Learning outcomes ...

Get Information Security Management Principles - Second edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Information Security Management Principles - Second edition by David Alexander, David Sutton, Andy Taylor, Amanda Finch

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly