The Seven Qualities of Highly Secure Software

Thursday, August 23, 2012

Ben Rothke


One of the memorable quotes from the movie Bull Durham was: "This is a very simple game. You throw the ball, you catch the ball, and you hit the ball." 

Application development security is like baseball - you learn to write secure code, you write secure code, test the code, and then deploy it.

If it were only that easy.  But in The 7 Qualities of Highly Secure Software, author Mano Paul details the 7 qualities needed to design, develop and deploy secure software.

The 7 qualities Paul writes on are:

  1. Security Is Built In, Not Bolted On
  2. Functionality Maps to a Security Plan
  3. Includes Foundational Assurance Elements
  4. Is Balanced
  5. Incorporates Security Requirements
  6. Is Developed Collaboratively
  7. Is Adaptable

The preface from the book, which provides an overview of these qualities, can be viewed here.

At 130 pages, the book quickly focuses on the core points of the issue. Paul writes in a style that is easy to read and understand.

With the use of various stories and examples, the need for secure software development is undeniable.

Behind nearly every security vulnerability is poorly written software. The 7 Qualities of Highly Secure Software highlights the qualities that are essential and critical to stop insecure code.

This is a highly valuable book that can be of significant use to every stakeholder, from those in the boardroom to the developers and head of application development. Ultimately, this is a book you want all of your software developers to read.

Cross-posted from RSA
