ABSTRACT

The pervasiveness of information systems and software products in critical infrastructures has raised the importance of the security and trustworthiness of such systems, to the point that almost every application now has some kind of security requirement. The pervasiveness of software, coupled with the massive interconnectivity of systems and networks and the increasing complexity of applications and services, inevitably means a higher likelihood of facing security threats. Such threats take many forms, from exposure to cyberattackers such as malicious hackers and malicious code writers to cyberterrorists and other adversaries. The consequences of a security breach in an information system range from extensive financial losses to danger to human life. Security concerns should therefore be an integral part of the entire planning, design, development, testing, and ongoing maintenance of all software-intensive systems. The aim of this chapter is to create awareness of the software security process and to assist organizations in adopting processes that minimize, and ideally prevent, security vulnerabilities. To that end, the authors introduce the main options available for incorporating software into an organization (for example, developing it in-house, outsourcing its development, or acquiring it as a commercial or open-source product) and analyze each of them from a security engineering perspective.