It is often debated how Quality assurance relates to Security assurance. I have a slightly unconventional view of the relation between the two.
You see, when we talk about the security assurance in software, I view the whole process in my head end to end. And the process runs roughly like this:
Security, in my view, is the process of making sure that whatever the designer was thinking about in his head ends up actually running at the customer site. The software must run exactly the way the designer imagined, that is the task.
Now, the software has to run correctly both under the normal circumstances and under really weird conditions, i.e. under attack. So the Quality Assurance takes the part of verifying that it runs correctly under normal circumstances while Security Assurance takes care of the whole picture.
Thus Quality Assurance becomes an integral part of Security Assurance.
Three roads to product security | Holy Hash!2014-10-16 05:07 /
[…] and “process security” approach. Bear in mind that my definition of security is also much broader than […]