Commentary by Mark Wahl, CISA
Organizing principles for identity systems:
Report on the state of the art in software security assurance (20070810)
The US Dept. of Defense Information Assurance Technology Analysis Center and the Data and Analysis Center for Software have jointly released the Software Security Assurance State-of-the-Art Report. This report is a 400-page PDF document which includes:
- an introduction to software threats and vulnerabilities,
- secure systems engineering,
- security concerns at each stage of the software development lifecycle and a comparison of the security-enhanced methodologies,
- a survey of software assurance initiatives, organizations and other resources, and
- a list of observations on the general problem of security assurance and current research efforts.