Bureau Veritas recently released security guidelines to help software developers, product managers and quality assessors achieve software systems that comply with recent objectives and intended levels of security.
According to these security guidelines, the goal of software components is to provide intelligent functionalities in complex systems. This makes the need to identify effective security practices for software components even greater.
Conducting a threat analysis is vital. To be successful, it needs to include an assessment of a software system’s distinct activities and an independent evaluation that audits an organization’s security. These evaluations take the human factor into account, as well as the company’s security governance.
Furthermore, identifying clear objectives and acceptance criteria will enable the development of better cybersecurity measures, Bureau Veritas says. These are identified through four phases of a software’s lifecycle:
- A system’s architecture,
- Security functions and ability checks,
- Common weaknesses and operations review,
- Incidents and updates monitoring.