ABSTRACT
Application security is broken down into three parts: 1) the
application in development, 2) the application in production,
and 3) the commercial off-the-shelf (COTS) software
application that is introduced into production. Each one
requires a different approach to secure the application. As
with the Common Criteria (ISO/IEC 15408), one must develop a
security profile, or baseline of security requirements, and
a reasonable level of risk.