Document name:

合肥等保技术大会模板.ppt (Hefei Classified Protection Technology Conference template)

Format: ppt   Size: 2,508 KB   Pages: 36
Uploaded by: 350678539   2021/12/5   File size: 2.45 MB

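Document introduction: Outline
Current state and review
Security: the challenges in moving from engineering to science
Nature of the discipline
Human factors
Open systems
Security: the path from engineering to science
Core theory
Normative theory
Implications
Concluding remarks

Current state: from the perspective of knowledge structure

Skill list + WWHW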
Can implement solid security practices
Can perform in-depth risk analysis
Can configure proper access rights and permissions
Can implement access control
Can secure data as it crosses the network
Can implement proper change control
Understand methods used to attack resources
Understand the system development life cycle
Can perform security audits
Can develop a business continuity plan
Understands laws on and about computer crime
Ability to know What, Why, How
and know WHO!

Individual control of personal data
Products, online services adhere to fair information principles
Protects individual’s right to be left alone
Resilient against attack
Protects confidentiality, integrity, availability of data and systems
Engineering Excellence
Dependable, performs at expected levels
Available when needed
Open, transparent interaction with customers
Address issues with products and services
Help customers find appropriate solutions
Current state: ten years of industry practice

Secure by Deployment
New patch management tools
7 Microsoft Official Curriculum courses available at launch
Official security configuration guides
Integrated security tools
Secure by Design
Mandatory training
Built threat models
Conducted code reviews and penetration testing
Used automated code tools
Design: Least Privilege
Secure by Default
60% less attack surface area by default compared to Windows NT SP3
20+ services changed to be off by default
Services install in a secure state (IIS Lockdown Tool)
Security framework: SD3+C
Communications
Writing Secure Code
Patch Management White Papers
Security Development Lifecycle
SDL mapped against Traditional Software Development Lifecycle
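Secure software engineering needs to adapt to software-as-a-service environments and processes
Secure software engineering requires security architects to take part in development and tracking throughout the entire process!

Another example: SEMAT
SEMAT: Software Engineering Method and Theory
Initiated in 2009 by three people including Ivar Jacobson, to find the essence of software engineering methods and theory,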