Inside Front Cover


Artifact (especially, software artifact)

Those documents and objects created in the course of building software. The touchpoints in this book are software security best practices meant to be applied to common software artifacts including requirements, use cases, design documents, architecture documents, test plans, test results, code, executables, and feedback from the field.



Attack pattern

Like a design pattern, only applicable to attacks. A high-level description of a set of software attacks. See Chapter 8.



Bug

A bug is an implementation-level software problem. Bugs may exist in code but never be executed. Though the term bug is applied quite generally by many software practitioners, I reserve use of the term to encompass fairly simple implementation errors. Bugs are implementation-level problems that can be easily discovered and remedied. See Chapter 1.



COTS

Commercial off-the-shelf software.



Defect

Both implementation vulnerabilities and design vulnerabilities are defects. A defect is a problem that may lie dormant in software for years only to surface in a fielded system with major consequence.



Exploit

A script or plan that executes against a vulnerability, leading to security compromise.



Flaw

A design-level or architectural software defect. High-level defects cause 50% of software security problems. See Chapter 1.



Risk

Flaws and bugs lead to risk. Risks are not failures. Risks capture the probability that a flaw or a bug will impact the purpose of the software (i.e., risk = probability x impact). Risk measures must also take into account the potential damage that can occur. A very high risk is not only likely to happen but also likely to cause great harm. Risks can be managed by technical and non-technical means. See Chapter 1.



Software security

The idea of engineering software so that it continues to function correctly under malicious attack.



SDL

Secure Development Lifecycle.



SDLC

Software development lifecycle.



Threat

The actor or agent who is the source of danger. Within information security, this is invariably the danger posed by a malicious agent (e.g., fraudster, attacker, malicious hacker) for a variety of motivations (e.g., financial gain, prestige). Threats carry out attacks on the security of the system (e.g., SQL injection, TCP/IP SYN attacks, buffer overflows, denial of service). Unfortunately, Microsoft has been misusing the term threat as a substitute for risk. This has led to some confusion in the commercial security space. See Chapter 5.



Touchpoint

Process-agnostic software security best practice applied on a software artifact.



Vulnerability

A defect or weakness in system security procedures, design, implementation, or internal controls that can be exercised and result in a security breach or a violation of security policy. A vulnerability may exist in one or more of the components making up a system. See Chapter 5.






Software Security: Building Security In
ISBN: 0321356705
EAN: 2147483647
Year: 2004
Pages: 154
Authors: Gary McGraw
