CISSP考试指南笔记：8.1 创建好的代码

Quality can be defined as fitness for purpose.

Code reviews and interface testing, are key elements in ensuring software quality.

Software controls come in various flavors and have many different goals. They can control input, encryption, logic processing, number-crunching methods, inter-process communication, access, output, and interfacing with other software. Software controls should be developed with potential risks in mind, and many types of threat models and risk analyses should be invoked at different stages of development. The goals are to reduce vulnerabilities and the possibility of system compromise.

Where Do We Place Security?

This chapter is an attempt to show how to address security at its source, which is at the software development level. This requires a shift from reactive to proactive actions toward security problems to ensure they do not happen in the first place, or at least happen to a smaller extent.

Different Environments Demand Different Security

As the complexity of these types of environments grows, tracking down errors and security compromises becomes an awesome task.

剩余内容请关注本人公众号debugeeker, 链接为CISSP考试指南笔记：8.1 创建好的代码