Chapter 1
Secure Software Concepts

It is also important to recognize that the presence of security functionality in software may allow it to support quality certification standards, but it does not necessarily imply that the software is secure. Vendors often tout the presence of security functionality in their products in order to differentiate themselves from their competitors, and while this may be true, it must be understood that the mere presence of security functionality in the vendor’s software does not make it secure. This is because security functionality may not be configured to work in your operating environment, or when it is, it may be implemented incorrectly. For example, software that has the functionality to turn on logging of all critical and administrative transactions may be certified as a quality secure product, but unless the option to log these transactions is turned on within your computing environment, it has added nothing to your security posture. It is therefore extremely important that you verify the claims of the vendors within your computing environment and address any concerns you may come across before purchase. In other words, trust, but always verify. This is vital when evaluating software whether you are purchasing it or building it in-house.