Official (ISC)² CISSP - Domain 8: Software Development Security
Terms in this set (...)
ActiveX Data Objects (ADO)
A Microsoft high-level interface for all kinds of data.
Capability Maturity Model for Software (CMM or SW-CMM)
Maturity model focused on quality management processes and has five maturity levels that contain several key practices within each maturity level.
Common Object Request Broker Architecture (CORBA)
A set of standards that addresses the need for interoperability between hardware and software products.
A program written with functions and intent to copy and disperse itself without the knowledge and cooperation of the owner or user of the computer.
Configuration Mangement (CM)
Monitoring and managing changes to a program or documentation.
An information flow that is not controlled by a security control.
The conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.
The practice of examining large databases in order to generate new information.
Database Management System (DBMS)
A suite of application programs that typically manages large, structured sets of persistent data.
Describes the relationship between the data elements and provides a framework for organizing the data.
An approach based on lean and agile principles in which business owners and the development, operations, and quality assurance departments collaborate.
A record of the events occurring within an organization's systems and networks.
Integrated Product and Process Development (IPPD)
A management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing, and supportability processes.
Development models that allow for successive refinements of requirements, design, and coding.
Knowledge Discovery in Databases (KDD)
A mathematical, statistical, and visualization method of identifying valid and useful patterns in data.
Information about the data.
Rapid Application Development (RAD)
A form of rapid prototyping that requires strict time limits on each phase and relies on tools that enable quick development.
Software Assurance (SwA)
The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that it functions in the intended manner.
Allows the operating system to provide well-defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule.
Time of Check/Time of Use (TOC/TOU) Attacks
Takes advantage of the dependency on the timing of events that takes place in a multitasking operating system.
Trusted Computing Bases (TCB)
The collection of all of the hardware, software, and firmware within a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects.
Waterfall Development Model
A development model in which each phase contains a list of activities that must be performed and documented before the next phase begins.
Chapter 10: Software Development Security203 terms