This version of the Development Guide has normalized its principles with those from major industry texts, while dropping a principle or two present in the first edition of the Development Guide. This is to prevent confusion and to increase compliance with a core set of principles. The principles that have been removed are adequately covered by controls within the text.
This course (nominal fee) offers a comprehensive coverage of practical knowledge in how to design secure software as well as insights on the significance of the role secure design plays during a software development life cycle. Some of the critical topics covered in this course include secure design principles and processes in addition to fundamental security concepts such as access control, encryption, etc. This course also devotes a significant amount of time to discussing well known secure design solutions including architectural patterns and design patterns focusing on security countermeasures and concludes with the discussion of software security analysis and evaluation as mechanisms to assess the effectiveness of the secure design solutions implemented in the form of source code.
The European Union Agency for Network and Information Security (ENISA) is a centre of expertise for cyber security in Europe. ENISA is contributing to a high level of network and information security (NIS) within the European Union, by developing and promoting a culture of NIS in society to assist in the proper functioning of the internal market. This document provides a comprehensive list of different SSE initiatives, with a focus on the EU,but also including some major US and global SSE initiatives.
The Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost