Reasonable Software Security Engineering 

A Perspective From Adam Shostack

Adam Shostack—a security consultant, entrepreneur, technologist, author and game designer—currently serves as a member of Black Hat’s Review Board and helped found Common Vulnerabilities and Exposures. During his career of creating software products and security solutions, he has witnessed an evolution in software security engineering—from its growing importance to enterprise strategy, to differing ideas on where to properly anchor such activities, to emerging guidelines on best practices.

In this Perspectives article authored by Shostack, Reasonable Software Security Engineering, he urges enterprises to reevaluate their current software security development practices and to ground them firmly in an engineering environment. Too many organizations don’t use security engineering, according to Shostack.

The message to business decision-makers should be: “Investment in security engineering pays off,” Shostack says. Learn why and where you need software security engineering, including details on fuzzing and threat modeling, as well as how to create a strategy for optimizing your security engineering efforts. Download the free article today!


About Perspectives

ISACA’s Perspectives series provides expert opinion and commentary from industry leaders on technology topics. The Perspective article reflects the view, observation and opinion of the author and does not represent the views, observations or opinions of Information Systems Audit and Control Association, Inc. (“ISACA”).