Thou shalt have no other gods before the ANSI C standard 1633

Douglas A. Gwyn

Those are the contexts, but the book you recommended does not address the intersection of the topics: systematic methodology asappliedtosecurity. And BTW several other authorities, notably Yourdon, have strong disagreements with his approach because it is somewhat mired in the '70s notion of everything being handled by a structured hierarchy. That's isn't the way software development happens in real life. And it certainly isn't the best of all possible ways to develop software.

But it is an excellent starting point for people who have no concept of the difference between amateur and professional software development. Most importantly it puts into perspective the (lack of) importance of coding and emphasizes all of the key steps that have to happen correctly before coding begins.

It is in those preliminary steps that most of the security vulnerabilities will be avoided as part of the process of eliminating whole clbuttes of defects. The key point being that most security vulnerabilities are just another kind of bug, and bugs can be prevented.

The few remaining security threats have to be identified throughout the development process, especially after all of the features are implemented and tested and the as-built documentation can be created.

tj3