ABSTRACT

It is imperative that students understand and appreciate the role of Software Security in the cybersecurity process, because software affects all areas of modern life. Software failures allow successful attacks on systems and data. Thus, developers must design and build functionally correct software systems, and system operators need to be able to identify flaws and propose mitigations that minimize weaknesses and vulnerabilities. In practice, Software Security is the development and enforcement of policies about proper development, operation, and maintenance practices. Therefore, a knowledge base that itemizes those practices and a defined curriculum for presenting them are critical parts of the general body of knowledge in cybersecurity.

In this chapter, the reader learns about the fundamental design principles for Software Security as well as the importance of security requirements and the role they play in design. The reader will also see how the concepts of open design and abstraction support secure design. The reader will learn how to apply least privilege to the creation of software functionality, and will learn about the ethical issues that apply to software development, testing, and vulnerability disclosure. Finally, implementation issues that can affect the security of software are explored, including the similarities and differences of static and dynamic analysis and the effect that proper configuration and patching have on the overall security of software.