Software Development Security Domain
We discuss about managing the risk and security of software development in this domain. This domain represents 10 percent of the CISSP certification exam.
Software and data are the foundation of information processing. So, you as a CISSP candidate must understand the principles of software security controls, software development, and software vulnerabilities, because An understanding of the software development process is essential for the creation and maintenance of software that’s appropriate, reliable, and secure.
Important Principle: Security should be a focus of the development lifecycle and not an addition to the process.
This Domain covers foundational concepts in various software development life cycle models, and also security requirements in each.