Software Security Assurance: A Framework for Software Vulnerability Management and Audit

Ounce Labs has released a valuable resource for everybody involved in the software security business. "Software Security Assurance: A Framework for Software Vulnerability Management and Audit" is more than a framework; it is a call to action driven by the need for a better understanding of roles and responsibilities in software security assurance.

The paper starts by presenting the main components of a software risk management process, which must address both the causes and the consequences of vulnerable software.

The core of the approach offered by Ounce Labs for managing software security assurance is a cycle of four critical actions:

  • Perform Risk Assessment: Determine the extent of vulnerabilities and their potential impact
  • Provide Vulnerability Management and Remediation: Identify and fix the flaws
  • Set Security Standards for Development and Deployment: Prevent the introduction of vulnerabilities
  • Ensure Ongoing Assessment and Assurance: Provide monitoring and auditing

The appendices provide a consistent starting point for implementing the framework:

  • Appendix A: Audit Program and Internal Control Questionnaire for Source Code Vulnerability Management
  • Appendix B: Roles and Responsibilities for Software Security Assurance
  • Appendix C: Control Objectives and Practices (related control frameworks, requirements, standards and guidance: COSO, SOX, COBIT, ISO/IEC 17799)
  • Appendix D: Web Application Vulnerabilities: Top 10 Sources of Exposure to Locate and Remediate

I see this guide fitting very well into a general PDCA (Plan-Do-Check-Act) security management framework.

Download (free registration required): Software Security Assurance: A Framework for Software Vulnerability Management and Audit
