CISSP Domain 8 Refresh: Software Development Security
In our cars, our watches, and even our refrigerators, software seems to be finding its way into everything. Along with its promise of increased productivity and data, however, come the risks that programming and other software development errors can introduce to our world. In 2017, The Atlantic magazine wrote of “The Coming Software Apocalypse” while TechRepublic estimates most modern software has one bug per 1000 lines of code. In this CISSP Domain 8 Refresh, we explore what this means for security professionals while also revisiting some of the certification’s key concepts and terminology.
This section of Domain 8 dives deep into the world of software development. It covers many key programming concepts, and security professionals need to understand their role in providing a secure foundation for the design and delivery of software that meets customer needs. This includes terminology such as machine code, which the CPU runs directly; source code, the written form of a computer program; and the compilers, interpreters, and bytecode involved in interpreting, translating, and executing written code.
Standing in stark contrast to the older, structured way of programming, Object-Oriented Design treats software as a collection of objects that communicate with each other and their environment. The concepts go further to include objects, methods, messages between objects, and a range of other qualities like ...
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Patrick Mallory. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/dqtw9a7UfkQ/