Software Engineering Institute

Security in the Software Life Cycle is a part of the DHS Software Assurance Series, and it is expected to contribute to the growing Software Assurance community of practice. This freely-downloadable document is intended solely as a source of information and guidance, and is not a proposed standard, directive, or policy from DHS. Indeed, the document has evolved based on input from a variety of contributors and reviewers in industry, academia, and government, and both derives from and reflects the growing body of knowledge on reducing exploitable software faults. This document will continue to evolve with usage and changes in practice; therefore, comments on its utility and recommendations for improvement will always be welcome.