Secure Coding SwA Pocket Guide - Build Security In - US-CERT

Software Assurance (SwA) Pocket Guide SeriesSwA is primarily focused on software security and mitigating risks attributable to software; better enabling resilience inoperations. SwA Pocket Guides are provided; with some yet to be published. All are offered as informative resources; notcomprehensive in coverage. All are intended as resources for ‘getting started’ with various aspects of software assurance. Theplanned coverage of topics in the SwA Pocket Guide Series is listed:SwA in Acquisition & OutsourcingI. Software Assurance in Acquisition and Contract LanguageII. Software Supply Chain Risk Management & Due-DiligenceSwA in DevelopmentI. Integrating Security in the Software Development Life CycleII. Key Practices for Mitigating the Most Egregious Exploitable Software WeaknessesIII. Software Security TestingIV. Requirements Analysis for Secure SoftwareV. Architecture & Design Considerations for Secure SoftwareVI. Secure CodingVII. Security Considerations for Technologies, Methodologies & LanguagesSwA Life Cycle SupportI. SwA in Education, Training & CertificationII. Secure Software Distribution, Deployment, & OperationsIII. Code Transparency & Software LabelsIV. Assurance Case ManagementV. Assurance Process Improvement & BenchmarkingVI. Secure Software Environment & Assurance EcosystemVII. Penetration Testing throughout the Life CycleSwA Measurement & Information NeedsI. Making Software Security MeasurableII. Practical Measurement Framework for SwA & InfoSecIII. SwA Business CaseSwA Pocket Guides and related documents are freely available for download via the DHS NCSD Software AssuranceCommunity Resources and Information Clearinghouse at https://buildsecurityin.us-cert.gov/swa.Software Assurance Pocket Guide Series:Development Volume VI – Version 2.0, , May 18, 2012Secure Coding29