DISCUSSIONS OF INFORMATION SECURITY must include the security of the software powering those information systems. The scope of securing software extends to the environment in which it is developed, encompassing both technology and processes, fundamental software components such as operating systems, and the applications we use to handle data, whether custom-built, purchased off the shelf, or chosen from open-source repositories. Cloud computing has also introduced new ways of using and consuming software, especially software as a service (SaaS), which shifts many of the responsibilities for securing software from the consumer to a cloud provider.

Software can be both a target and a vector for attacks, ...