crosoft and C++
technologies. The development team focused on the new web interfaces is primarily composed of Java developers.

Organization
VirtualWare has been developing their core software platform for
over 8 years. During this time they have had limited risk from common web vulnerabilities due to minimal usage of web interfaces.
Most of the VirtualWare platforms are run through either server-based
systems or thick clients running on the desktop.

VirtualWare employs over 300 developers, with staff broken up into
teams based on the projects that they work on. There are 12 teams
with around 20–40 developers per team. Within each team there
is minimal experience with software security, and although senior
developers perform basic assessments of their code, security is not
considered a critical goal within the organization.

Recently VirtualWare started a number of new project streams,
which deliver their client and server interfaces via web technology.
Knowing the extent of common attacks seen over the web, this has
driven the organization to review their software security strategy
and ensure that it adequately addresses possible threats towards
their organization going forward.

Each team within VirtualWare adopts a different development
model. Currently the two primary methodologies used are Agile
SCRUM and iterative Waterfall style approaches. There is minimal
to no guidance from the IT department or project architects on
software security.

Previously the organization had undertaken basic reviews of the
application code, and has been more focused on performance and
functionality rather than security. VirtualWare developers have been
using a number of code quality analysis tools to identify bugs and
address them within the code.

SAMM / Case Studies - v1.0

With this in mind, the upper management team has set a strategic
objective to review the current status of the security of their applications and determine the best method of identifying, removing,
and preventing vulnerabilities in them.

✦Rapid release of application features to ensure they
maintain their competitive edge over rivals
✦Limited experience with software security concepts—currently
minimal effort is associated with security related tasks
✦Developers leave the organization and are
replaced with less experienced developers
✦Multiple technologies used within applications, with legacy
applications that have not been updated since originally built
✦No understanding of existing security posture
or risks facing the organization

VirtualWare wanted to focus on ensuring that their new web applications would be delivered securely to their customers. Therefore
the initial focus on implementing the security assurance program
was on education and awareness for their development teams, as
well as providing some base technical guidance on secure coding
and testing standards.
The organization previously had received bug requests and se...
This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.