TY  - CONF
JO  - Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003. WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on
TI  - Software security checklist for the software life cycle
T2  - Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003. WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on
IS  - 
SN  - 1080-1383
VO  - 
SP  - 243
EP  - 248
AU  - Gilliam, D.P.
AU  - Wolfe, T.L.
AU  - Sherif, J.S.
AU  - Bishop, M.
Y1  - 9-11 June 2003
PY  - 2003
KW  - formal specification
KW  - security of data
KW  - software development management
KW  - software engineering
KW  - software code issues
KW  - software decommissioning
KW  - software design
KW  - software development
KW  - software life cycle
KW  - software maintenance
KW  - software security assessment instrument
KW  - software security checklist
KW  - software specification
KW  - systems code issues
KW  - systems decommissioning
KW  - systems design
KW  - systems maintenance
KW  - systems specification
VL  - 
JA  - Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003. WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on
DOI - 10.1109/ENABL.2003.1231415
AB  - A formal approach to security in the software life cycle is essential to protect corporate resources. However, little thought has been given to this aspect of software development. Traditionally, software security has been treated as an afterthought, leading to a cycle of 'penetrate and patch.' Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process. The current research at JPL addresses both of these areas through the development of a Software Security Assessment Instrument (SSAI). This paper focuses on the development of a Software Security Checklist (SSC) for the life cycle. It includes the critical areas of requirements gathering and specification, design and code issues, and maintenance and decommissioning of software and systems.
ER  - 