Contrary to the perception, experts are now of the opinion that security cannot be feasibly added into an exiting system. It is an emergent property that requires advance planning during requirements phase with careful design. Earlier Software Security was an after thought, which used to compound itself during later stages.
Generally, it used to be taken as post development process; and had been a matter of concern only when s penetrated by attackers. Barry Boehm and Victor R. Basili, famous software experts from University of South California and University of Maryland observed that finding and fixing a software problem after delivery is often 100 times more expensive than finding and fixing it during the requirements and design phase. But now, the need to consider security from the ground up is a fundamental tenet of secure system development. We can reduce the cost and efforts by implementing the security aspect right from beginning i.e. from requirement phase onwards.
Click on the file attachment below to read this paper.
About the Author
Santosh K. Pandey is the Sr. Research Associate of Computer Science Department at JMI. He has about 5 years of experience in the software development and R&D. His research interest includes: Software Security, Requirement Engineering, Security Policies and Standards, Software Engineering, Access control and Identity Management, Vulnerability Assessment etc. Currently, he is working on Software Security and Requirements Engineering. He has published 15 research papers in various International/ National Journals and Conferences/Seminars.