A Checklist based Framework for Software Security Risk Management

As security of software systems is becoming more and more important in the current era of ecommerce and e-governance, traditional approaches for software development should be supplanted with a formal approach to security in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process. This paper focuses on the development of a Security Checklist for the software life cycle. It includes the critical areas of requirements gathering andspecification, design and code issues, and maintenance and decommissioning of software and systems.