In September, I gave a presentation focused on helping quality assurance professionals understand how they fit into a secure software development process (SSDP) and how they can take an active role in improving software security. In that presentation, I discussed essential elements that make up a successful SSDP. These elements are: security requirements (expectations), secure architecture, configuration, and coding patterns (how to satisfy an expectation), and validation criteria (verification that expectations have been met). These elements allow an organization to be transparent regarding its security goals and performance. They also facilitate communication with customers, developers, managers, and other project stakeholders.
This article is part 2 in the series discussing non-negotiable elements of a secure software development process. In part 1 of the series, we discussed how security requirements set clear and reasonable expectations that development teams can plan for and meet to satisfy a specific level of security assurance. This article focuses on secure architecture, configuration, and coding patterns that equip development teams to meet those requirements.
What are Secure Architecture, Configuration, and Coding Patterns?
Secure architecture, configuration, and coding patterns are language specific implementations of code, frameworks, configuration, and application designs that satisfy a security requirement. They provide development teams with positive examples and instructions to successfully adhere to security practices without requiring them to be a security expert... [Article Posted on the Security PS Blog: Non-Negotiable
Elements of a Secure Software Development Process: Part 2 - Secure
Architecture, Configuration, and Coding Patterns]