ABSTRACT

Economic costs of faulty software in the United States range in the tens of billions of dollars every year and represent about one percent of the U.S. gross domestic product (GDP).

And things are getting worse. In efforts to “do something” about the problem, we’ve gone from ignoring it, to acknowledging its existence, and lately to testing for vulnerabilities that we’re certain we’ll find. Rather than trying to test-in quality, would it not be better to build it in from the start? Secure and resilient application software can only emerge from a software development lifecycle (SDLC) that treats nonfunctional requirements (NFRs) and quality requirements as a core element of every phase, as well as in postdeployment. By mandating security and resilience within the SDLC itself and ensuring that requirements related to security and resilience are treated as equal citizens with all functional requirements, managers can rest better at night knowing their infrastructure and applications are continuously working as their defender rather than their enemy.