A set of practice flashcards covering key concepts from Chapter 1: software security basics, threat modeling, SDLC/SDL, risk management, secure coding guidelines, and deployment/maintenance.
What is software security?
The practice of protecting software and information systems from threats by embedding protective measures into the design, development, and operation to ensure confidentiality, integrity, and availability.
What four practices are typically applied throughout the software development life cycle to achieve software security?
Threat modeling, secure coding, security testing, and vulnerability management.
Why is security-by-design emphasized in IEEE background notes?
Embedding security from the initial design creates a coherent, robust solution and prevents fragmentation from retrofitting security later, reducing complexity and vulnerability.
What is software assurance?
A proactive strategy for developing, maintaining, and operating software to enhance security, reliability, and trustworthiness by integrating best practices to identify and mitigate vulnerabilities.
How does software assurance differ from software security?
Software security focuses on protecting data and resources, while software assurance covers the entire lifecycle to ensure security, reliability, and trust.
Name some common threats to software security listed in the notes.
Phishing, malware, ransomware, SQL injection, worms, denial-of-service (DDoS), other cyber threats, and IoT attacks.
What is threat modeling?
A proactive process to identify attack vectors and weaknesses in an application's design to prioritize security measures before development.
What are the typical steps of threat modeling (as listed in the notes)?
Define, Diagram, Threat Model, Validate, Identify, Mitigate.
Name the threat modeling frameworks mentioned.
STRIDE, OCTAVE, PASTA, TRIKE, LINDDUN.
What does STRIDE stand for?
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.
What is OCTAVE?
Operationally Critical Threat, Asset, and Vulnerability Evaluation—a risk-based security framework for organizations.
What is PASTA in threat modeling?
Process for Attack Simulation and Threat Analysis—a risk-centric threat modeling approach with seven stages.
What is TRIKE in threat modeling?
An open-source, risk-based threat modeling method that combines a requirements model and an implementation model using data flow diagrams.
What is LINDDUN?
A privacy-focused threat modeling framework that analyzes threats across seven privacy categories.
Which secure coding guidelines are highlighted?
OWASP, CERT, and Java Secure Coding Guidelines.
What is the purpose of the Security Development Lifecycle (SDL)?
To weave security into every phase of software development from the start, rather than treating it as an afterthought.
What are the key activities in SDL according to Kontra (2025)?
Defining Security Requirements, Performing Threat Modeling, Conducting Security Testing, Ensuring Compliance with Regulatory Obligations.
List the key phases of the SDL (Kontra 2025).
Requirements Definition, Threat Modeling, Secure Design & Development, Security Testing, Deployment & Maintenance.
What are some considerations during Requirements Definition (per Kontra 2025)?
Identify and adhere to legal/regulatory requirements (e.g., NIST SSDF, ISO 27001, PCI DSS); define robust access controls and data encryption standards; establish secure coding guidelines.
What are secure design & development best practices?
Validate all input to prevent injections (SQLi, XSS); encrypt data at rest and in transit; enforce role-based access control (RBAC); use automated security tools.
What security testing techniques are described?
Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Penetration Testing, and Software Composition Analysis (SCA); integrate into CI/CD.
What activities belong to Deployment & Maintenance?
Continuous monitoring and security logging, regular patching, post-deployment security assessments, and a proactive incident response plan.
What is the Risk Management Framework (RMF) about?
Identification, assessment, and prioritization of risks, followed by coordinated efforts to minimize, monitor, and control adverse events.
What are examples of RMF standards mentioned?
ISO 31000, NIST Risk Management Framework, COSO ERM.
What are the essential main properties of secure software?
Integrity, Availability, and Confidentiality.
What are complementary properties of secure software listed?
Reliability, Authentication, Robustness, Resilience, and Tolerance.
Why is early security integration important?
It ingrains security across the entire software development life cycle, helping manage complexity and prevent vulnerabilities.
What are the benefits of identifying threats (as per SentinelOne 2024)?
Improved security posture, regulatory compliance, cost savings, and better business continuity.