Information Assurance
Question 1:
This week main topics are “Secure Software” and “Ethics, Law and Governance”.
I am attaching here two papers by two leading software security researchers to minimize software vulnerabilities or their exploitation by attackers Two of the three ideas proposed by these papers advocate the use of law/regulations to minimize software vulnerabilities. Dorothy Denning puts forward two ideas: (1) Use of a vulnerability bounty program that rewards vulnerability discoverers, and (2) Holding software developers legally responsible (liable) for their faulty programs. Carl Landwehr proposes code governing software code.
For this conference, your task is to take one of these three ideas and discuss its pros and cons.
Here are the two papers:
Dorothy Denning on Secure Software
Carl Landwehr – Code for Code
Question 2:
By now, you should have a good understanding what it takes to engineer complete and correct requirements, secure design and secure code. You are also exposed to process improvement techniques. Now you are in a good position to analyze or critique systems that have failed in the past. Search the web for an example(s) of software development projects which failed. There will be many. Pick one which interests you. Briefly post your summary of the failed project. Be sure to touch up on the following points:
1. Why did it fail? Was it poor requirements, poor design, poor coding and poor testing, validation & verification?
2. Did it fail because of project and program management?
3. Did it follow good assurance techniques?
4. Did the project pay attention to secure design and coding?