This document is part of the US-CERT website archive. These documents are no longer updated and knowledge management system life cycle pdf contain outdated information. Links may also no longer function. Supply Chain Assurance content is no longer updated.
The articles are provided here for historical reference. Build Security In was a collaborative effort that provided practices, tools, guidelines, rules, principles, and other resources that software developers, architects, and security practitioners can use to build security into software in every phase of its development. A significant portion of the BSI effort was devoted to best practices that can provide the biggest return considering current best thinking, available technology, and industry practice.
Software defects with security ramifications, including implementation bugs and design flaws such as buffer overflows and inconsistent error handling, promise to be with us for years. Recurring patterns of software defects leading to vulnerabilities have been identified, and the BSI team documented detailed instructions on how to produce software without these defects.
The BSI site includes an explanation of the following types of tools: Modeling Tools, Source Code Analysis Tools, and Black Box Testing. Descriptions are included of the technologies, how they work, and why they are useful.