Training For Building Secure Software Security Activities

853 Words | May 4, 2016 | 4 Pages
The BSIMM states that intelligence practices result in collections of knowledge used to carry out software security activities throughout the organization (2015). The security knowledge collected in the intelligence domain comprises policy, standards, design and attack patterns in reference to a secure architecture and secure development framework within the SSF (McGraw, 2006). This domain provides the essential resources to equip staff with the necessary training for development and delivery. McGraw (2006) noted that the topics included are security knowledge and assurance activities, with existing courseware retrofitted to software security concepts. Moreover, the SAS stated that the secure development standards are met through proper deployment of the intelligence domain. According to the SAS SSF, developers work with the standards and guidelines that provide the foundation for building secure software (SAS, 2015). The three practices of the intelligence domain are attack models, security features, and standards and requirements. First, attack models capture information used to think like an attacker: threat modeling, abuse case development and refinement, data classification, and technology-specific attack patterns (McGraw, 2004). Second, the security features and design practice is charged with creating usable security patterns for major security controls meeting the standards defined in the next practice, building middleware frameworks for those