New Guidelines: Development of Security-Critical Software

More specifically, these guidelines provide guidance for engineers involved in the specification, design, implementation, verification, deployment, or maintenance of security-critical software.
“Security threats to software systems are more prevalent now than they ever have been, and these guidelines will equip registrants with the tools they need to develop software systems that are secured to the standards expected of engineering professionals,” said David Slade, a Practice Advisor with Engineers and Geoscientists BC.
“These guidelines will serve as a valuable tool for any professionals involved in the development of security-critical software by offering a strategic, structured development approach along with best practices, standards and resources,” Slade said.
Many software systems maintain private, business-confidential, or otherwise sensitive information and some systems need to be highly trusted with respect to their integrity and availability. Modern systems are increasingly networked at different levels of scale, ranging from critical infrastructure, such as smart power grids, to household smart devices.
These systems are constantly exposed to threats from various kinds of malicious agents seeking to identify and exploit vulnerabilities, and their interconnectivity can expose new vulnerabilities to an otherwise secure system. While software cannot, in general, be guaranteed to be secure or to be free of defects, the use of secure software engineering practices can prevent, manage, or reduce the likelihood of many security vulnerabilities and facilitate the recovery from successful attacks.
The guidelines also cover risk management, security objectives for security-critical software, as well as lifecycle processes including decommissioning of security-critical software.
Engineers and Geoscientists BC partnered with experienced registered software engineering professionals to develop the guidelines.
The Professional Practice Guidelines – Development of Security-Critical Software are available on our website.
Photo: AI Booth / Shutterstock