Chapter 6. Software Acceptance

During the secure software development cycle, it is critical that secure software issues be addressed prior to deployment. Specifying and including secure software principles as an integral part of the development life cycle rather than attempting to correct vulnerabilities after delivery of the software system will result in lower costs. Costs to repair software defects are much lower in the pre-deployment phase than in the post-deployment phase.

If used during the system software test phase prior to deployment, black box security tests can be an effective means to uncover and address software security issues and reduce risk.

If software vulnerabilities or security failures emerge during the post-deployment phase of the secure software system development life cycle, they are usually the result of design or development errors that were not detected due to inadequate testing paradigms.

In this chapter, pre-release and pre-deployment software system completion criteria, risk acceptance, and disaster recovery/business continuity planning will be addressed along with post-release testing, validation, and verification.

Pre-release or Pre-deployment Activities

During the delivery and completion phases of the software supply process, final reports of the test management system are provided to the acquirer as part of the project completion documentation. A set of test data should be created that verifies that all specified quality control test points have been ...

Get The CSSLP™ Prep Guide: Mastering the Certified Secure Software Lifecycle Professional now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.