PCI Compliance by Anton Chuvakin & Branden R. Williams

Author:Anton Chuvakin & Branden R. Williams
Language: eng
Format: epub
ISBN: 9781597499538
Publisher: Elsevier Inc.
Published: 2012-08-01T16:00:00+00:00


Other aspects of your vulnerability management program apply to securing the software you develop in-house. Requirement 6.3 states that one needs to “develop software applications based on industry best practices and incorporate information security throughout the software-development life cycle.” The unfortunate truth, however, is that there is no single authoritative source for such security “best practices,” and current software “industry best practices” rarely include “information security throughout the software-development life cycle.” The following projects aim to standardize secure programming practices; each is freely available for download and contains detailed technical guidance:

• BSIMM “The Building Security In Maturity Model”; see www.bsi-mm.com/;

• OWASP “Secure Coding Principles”; see www.owasp.org/index.php/Secure_Coding_Principles;

• SANS and MITRE “CWE/SANS TOP 25 Most Dangerous Programming Errors”; see www.sans.org/top25errors/ or http://cwe.mitre.org/top25/;

• SAFECode “Fundamental Practices for Secure Software Development”; see www.safecode.org/.
