Security

Date Submitted: 02/24/2013 10:17 PM

Architecture and Design Considerations for Secure Software

Software Assurance Pocket Guide Series: Development, Volume V, Version 2.0, May 18, 2012

Software Assurance (SwA) Pocket Guide Resources

This is a resource for ‘getting started’ in selecting and adopting relevant practices for delivering secure software. As part of the Software Assurance (SwA) Pocket Guide series, this resource is offered for informative use only; it is not intended as directive or comprehensive. Rather, it references and summarizes material in the source documents that provide detailed information. When referencing any part of this document, please provide proper attribution and reference the source documents, when applicable.

This volume of the SwA Pocket Guide series focuses on the practices and knowledge required to establish the architecture and high-level design for secure software during the Software Development Life Cycle (SDLC). It addresses design aspects such as threat modeling, misuse/abuse cases, and secure design patterns. The pocket guide covers design aspects of specific technologies such as mobile applications, databases, embedded systems, and web applications. It addresses formal methods and architectural design, principles for the design of secure software, and criteria for design review and verification. It describes key architecture and design practices for mitigating exploitable software weaknesses. Questions are offered for managers in development and procurement to help them understand whether the software development team has performed the requisite practices to ensure that the architecture and design sufficiently contribute toward the development of secure software.

At the back of this pocket guide are references, limitation statements, and a listing of topics addressed in the SwA Pocket Guide series. All SwA Pocket Guides and SwA-related documents are freely available for download via the SwA Community Resources and Information Clearinghouse at...