ABSTRACT

We started our journey, regarding the seven qualities of highly secure software, learning that Quality #1 is about building security in by being proactive. Quality #2 is about beginning with the end in mind, meaning that we plan for the security controls that are to be built into the software, and that the controls implemented and deployed map to a security plan. Quality #3 is about putting first things first and incorporating the foundational elements of highly secure software, which includes protection against disclosure, alteration, destruction or denial-of-service, and assurance of authentication, authorization, and auditing. Quality #4 highlights the need to think win-win by balancing risk with reward, functionality with assurance, and threats with appropriate controls that mitigate those threats. Quality #5 brings to our attention the need for the security team to understand what the business requirements are before they incorporate security requirements into the software they build. Quality #6 brings to light that highly secure software is not developed in a silo, but is collaboratively developed, taking into account the synergies among the varied stakeholders. Finally, we learn that Quality #7 is about continuously improving the state of security in the software

by designing it to be adaptable to changes in technologies, threats, and talent pool.