Software Security Framework

Brian Chess and I just published an article on the Software Security Framework displayed below.

Governance Intelligence SDL Touchpoints Deployment
Strategy and Metrics Attack Models Architecture Analysis Penetration Testing
Compliance and Policy Security Features and Design Code Review Software Environment
Training Standards and Requirements Security Testing Configuration Management and Vulnerability Management

Our plan is to use this framework to build a maturity model for software security by interviewing executives running many of the top ten large-scale software security initiatives. Please check out the article, and stay tuned for more.

This entry was posted on Wednesday, October 15th, 2008 at 10:51 am and is filed under Software Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Previous post: What Measures do Software Vendors Use for Software Assurance?
Next post: Web application security versus software security

Leave a Reply