Cost-Effective Development of Secure Applications

Abstract

During the last decade, software quality studies proved that poorly conceived and developed software resulted in greatly magnified maintenance costs. In reaction, new software development practices were introduced. Such modern software development methodologies are based on a highly interactive design process that involves the customer at every step. (Note that for purposes of this discussion a customer can refer to an internal department as well as an external partner or client.) Unfortunately, these new practices seem to have been forgotten when it comes to designing and implementing application security controls. This is evident from analysis of the costs associated with applications security controls. The majority of these costs can be attributed either to the reengineering of existing controls to make them conform to security requirements or to the administration of inefficient, overly secured systems.