Abstract

Software security is being increasingly considered important in the software development process. However, in practice, software security is often neglected due to inherent constraints such as time to market and budget. Various efforts have been undertaken to address the problem of enhancing the security quality of software. For example, managers can provide secure coding standards and guidelines, and encourage software engineers to follow these recommended practices. However, it is not feasible to expect every software engineer to become an expert in software security and apply one’s security knowledge. A more realistic model is to minimize the software security–related burden imposed on software engineers by providing as much support as possible. A number of different approaches may be taken to provide this support, and the choice of methods depends on the size and nature of the organization developing the software. We refer to this new mind-set toward software security as “developer-friendly software security.” This entry explores ways to promote the developer-friendly software security concept in a software development organization.