Security risks: management and mitigation in the software life cycle

Abstract

A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects, which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Software Security Assessment Instrument (SSA1) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.