SOFTWARE DEVELOPMENT SECURITY IS a security discipline covering a variety of concerns. These concerns span the security of the development environment, software and component security, application security, and the secure development lifecycle. It is a necessary and essential part of an organization’s overall security strategy. The world we live in has become a place that, more often than not, runs on software. Unfortunately, software contains vulnerabilities that present a variety of significant risks.
Software applications are increasingly becoming the vector of choice for attackers. As vendors harden their operating systems, the application stack, often developed by less security-aware developers, provides a broad attack surface for potential compromise. Securing something as pervasive and essential as software is a multilayered and multifaceted discipline. Software development security is about more than just the code.
This chapter is about software development security. It provides a comprehensive exposition of software development security. It describes how to integrate security into the software development lifecycle (SDLC). Securing the software development environment with necessary security controls is discussed. This chapter discusses ways to assess the effectiveness of software security, of software developed both in-house and elsewhere. Finally, this chapter goes through secure coding guidelines and standards.