Introduction. The Secure Development Lifecycle. Security Assessment (A1): SDL Activities and Best Practices. Architecture (A2): SDL Activities and Best Practices. Design and Development (A3): SDL Activities and Best Practices. Design and Development (A4): SDL Activities and Best Practices. Ship (A5): SDL Activities and Best Practices. Post-Release Support (PRSA1–5). Applying the SDL Framework to the Real World. Pulling It All Together: Using the SDL to Prevent Real-World Threats.
Dr. James Ransome is the Senior Director of
Product Security and responsible for all aspects of McAfee’s
Product Security Program, a corporate-wide initiative that supports
McAfee’s business units in delivering best-in-class, secure
software products to customers. In this role, James sets program
strategy, manages security engagements with McAfee business units,
maintains key relationships with McAfee product engineers, and
works with other leaders to help define and build product security
capabilities. His career has been marked by leadership positions in
private and public industries, including three chief information
security officer (CISO) and four chief security officer (CSO)
roles. Prior to entering the corporate world, James had 23 years of
government service in various roles supporting the U.S.
intelligence community, federal law enforcement, and the Department
of Defense.
James holds a Ph.D. in Information Systems. He developed/tested a
security model, architecture, and provided leading practices for
converged wired/wireless network security for his doctoral
dissertation as part of a NSA/DHS Center of Academic Excellence in
Information Assurance Education program. He is the author of
several books on information security, and Core Software Security:
Security at the Source is his 10th. James is a member of Upsilon Pi
Epsilon, the International Honor Society for the Computing and
Information Disciplines, and he is a Certified Information Security
Manager (CISM), a Certified Information Systems Security
Professional (CISSP), and a Ponemon Institute Distinguished
Fellow.
Anmol Misra is an author and a security
professional with a wide range of experience in the field of
information security. His expertise includes mobile and application
security, vulnerability management, application and infrastructure
security assessments, and security code reviews. He is a Program
Manager in Cisco’s Information Security group. In this role, he is
responsible for developing and implementing security strategy and
programs to drive security best practices into all aspects of
Cisco’s hosted products. Prior to joining Cisco, Anmol was a Senior
Consultant with Ernst & Young LLP. In this role, he advised Fortune
500 clients on defining and improving information security programs
and practices. He helped corporations to reduce IT security risk
and achieve regulatory compliance by improving their security
posture.
Anmol is co-author of Android Security: Attacks and Defenses, and
is a contributing author of Defending the Cloud: Waging War in
Cyberspace. He holds a master’s degree in Information Networking
from Carnegie Mellon University and a Bachelor of Engineering
degree in Computer Engineering. He is based out of San Francisco,
California.
First and foremost, Ransome and Misra have made an engaging book
that will empower readers in both large and small software
development and engineering organizations to build security into
their products. This book clarifies to executives the decisions to
be made on software security and then provides guidance to managers
and developers on process and procedure. Readers are armed with
firm solutions for the fight against cyber threats.—Dr. Dena
Haritos Tsamitis, Director, Information Networking Institute and
Director of Education, CyLab Carnegie Mellon University
Finally, the definitive how-to guide for software security
professionals. Dr. Ransome, Anmol Misra, and Brook Schoenfield
deftly outline the procedures and policies needed to integrate real
security into the software development process and why security
needs to be software and developer-centric if it is to be relevant.
A must-have for anyone on the front lines of the Cyber War -
especially software developers and those who work with them.—Cedric
Leighton, Colonel, USAF (Ret); Founder & President, Cedric Leighton
Associates
In the wake of cloud computing and mobile apps, the issue of
software security has never been more important than today. This
book is a must read for security specialists, software developers
and software engineers. The authors do a brilliant job providing
common sense approaches to achieving a strong software security
posture.—Dr. Larry Ponemon, Chairman & Founder, Ponemon
Institute
The root of software security lies within the source code developed
by software developers. Therefore, security should be
developer-centric, focused on the secure development of the source
code. Dr. Ransome, Anmol Misra, and Brook Schoenfield give you a
magic formula in this book - the methodology and process to build
security into the entire software development life cycle so that
the software is secured at the source!
—Eric S. Yuan, Founder and CEO, Zoom Video Communications, IncMisra
and his co-author James Ransome, senior director of product
security at McAfee, an Intel Company, reflected on years of lessons
learned and experiences with Fortune 500 clients and devised a
methodology that builds security into software development. The
newly published book Core Software Security, Security at the Source
takes an innovative approach that engages the creativity of the
developer. ... The book covers embedding security as a part of
existing software development methods, and how security can be a
business enabler and a competitive differentiator. Throughout the
book, the authors describe a modern, holistic framework for
software security that includes people, process and technology. The
book includes metrics, cost effectiveness, case studies, threat
modeling and considerations for mobile software and privacy.—Sherry
Stokes, writing in Carnegie Mellon News, May 2014
First and foremost, Ransome and Misra have made an engaging book
that will empower readers in both large and small software
development and engineering organizations to build security into
their products. This book clarifies to executives the decisions to
be made on software security and then provides guidance to managers
and developers on process and procedure. Readers are armed with
firm solutions for the fight against cyber threats.—Dr. Dena
Haritos Tsamitis, Director, Information Networking Institute and
Director of Education, CyLab Carnegie Mellon University
Finally, the definitive how-to guide for software security
professionals. Dr. Ransome, Anmol Misra, and Brook Schoenfield
deftly outline the procedures and policies needed to integrate real
security into the software development process and why security
needs to be software and developer-centric if it is to be relevant.
A must-have for anyone on the front lines of the Cyber War -
especially software developers and those who work with them.—Cedric
Leighton, Colonel, USAF (Ret); Founder & President, Cedric Leighton
Associates
In the wake of cloud computing and mobile apps, the issue of
software security has never been more important than today. This
book is a must read for security specialists, software developers
and software engineers. The authors do a brilliant job providing
common sense approaches to achieving a strong software security
posture.—Dr. Larry Ponemon, Chairman & Founder, Ponemon
Institute
The root of software security lies within the source code developed
by software developers. Therefore, security should be
developer-centric, focused on the secure development of the source
code. Dr. Ransome, Anmol Misra, and Brook Schoenfield give you a
magic formula in this book - the methodology and process to build
security into the entire software development life cycle so that
the software is secured at the source!
—Eric S. Yuan, Founder and CEO, Zoom Video Communications, Inc
Misra and his co-author James Ransome, senior director of product
security at McAfee, an Intel Company, reflected on years of lessons
learned and experiences with Fortune 500 clients and devised a
methodology that builds security into software development. The
newly published book Core Software Security, Security at the Source
takes an innovative approach that engages the creativity of the
developer. ... The book covers embedding security as a part of
existing software development methods, and how security can be a
business enabler and a competitive differentiator. Throughout the
book, the authors describe a modern, holistic framework for
software security that includes people, process and technology. The
book includes metrics, cost effectiveness, case studies, threat
modeling and considerations for mobile software and privacy.
—Sherry Stokes, writing in Carnegie Mellon News, May 2014
Ask a Question About this Product More... |