#acl alan@dsv.su.se, ulrikan@dsv.su.se:read,write,delete,revert,admin All:read = SOSEC - Software Security = == Level == Advanced level - Second cycle course == Required knowledge == In order to take this course the student must have: * 7,5 credits in information security, for example the course ML470C Introduction to Information Security * 90 credits in Computer and Systems Sciences or similar knowledge == Aim == After the course the student should be able to: * Communicate an understanding of the important methods, roles and resources for the development of secure software. * Describe common vulnerability causes, effects and ways to prevent vulnerabilities and their effects. * Demonstrate knowledge of the relationship between the studied model and similar models. * Explain how international standards can help in the process of creating secure and reliable software. == Syllabus == In the problem of how to create secure and reliable software different relevant phenomena is studied, such as: * Secure software development processes (such as clasp, Microsoft SDL, McGraw's 7 Touchpoints). * Computerized tools supporting the different steps and activities of these development processes (such as Static Code Checking, fuzz-testing tools). * Statistics about and compilations of known vulnerabilities, and specific methods to prevent them (such as CVE, OWASP Top Ten). * Secure architectures (such as security kernels, Trusted Computing, but also specific prevention frameworks and architectures such as ASLR). * Methods and standards for determining the reliability of secure software and those who create them (such as the Common Criteria, SSE-CMM, ISO/IEC 27034). The course follows the various stages of a selected development to illustrate the roles and relevance of such phenomena.