From: www.itworld.com

Software development: Building security in

by Kevin Beaver

May 9, 2006

When it comes to software security, the general perception is that including technologies such as firewalls, intrusion prevention systems, and malware protection throughout the software development life cycle is all that's needed to keep information secure in the end product. However, these technologies are mostly reactive in nature and don't prevent the vulnerabilities in the first place. Also, at the development level, there's a lot of talk about testing for buffer overruns, validating user input, using the principle of least privilege, and so on. These are certainly solid practices, but there's still a considerable gap when it comes to getting to the root of software flaws