Title:
Engineering Safe and Secure Software Systems.
Author:
Axelrod, C. Warren.
ISBN:
9781608074730
Edition:
1st ed.
Physical Description:
1 online resource (349 pages)
Contents:
Contents -- Preface -- Endnotes -- Foreword -- 1 Introduction -- Preamble -- Scope and Structure of the Book -- Acknowledgments -- Endnotes -- 2 Engineering Systems -- Introduction -- Some Initial Observations -- Deficient Definitions -- Rationale -- What Are Systems? -- Deconstructing Systems Engineering -- What Is Systems Engineering? -- Systems Engineering and the Systems Eng -- The DoD Text -- Another Observation -- More on Systems Engineering -- The Systems Engineering Process (SEP) -- Summary and Conclusions -- Endnotes -- 3 Engineering Software Systems -- Introduction -- The Great Debate -- Some Observations -- Rationale -- Understanding Software Systems Engineeri -- Deconstructing Software Systems Engineer -- What Is Software? -- What Are Software Systems? -- Are Control Software Systems Different? -- What is Software Systems Engineering? -- The Software Systems Engineering Process -- Steps in the Software Development Proces -- Omissions or Lack of Attention -- Nonfunctional Requirements -- Testing Nonfunctional Attributes -- Verification and Validation -- Creating Requisite Functional and Nonfun -- Resiliency and Availability -- Decommissioning -- Summary and Conclusions -- Endnotes -- 4 Engineering Secure and Safe Systems, Part I -- Introduction -- The Approach -- Security Versus Safety -- Four Approaches to Developing Critical Systems -- The Dependability Approach -- The Safety Engineering Approach -- The Secure Systems Approach -- The Real-Time Systems Approach -- Security-Critical and Safety-Critical Systems -- Summary and Conclusions -- Endnotes -- 5 Engineering Secure and Safe Systems, Part 2 -- Introduction -- Approach -- Reducing the Safety-Security Deficit -- Game-Changing and Clean-Slate Approaches -- A Note on Protection -- Safety-Security Governance Structure and Risk Management -- An Illustration.

The General Development Life Cycle -- Structure of the Software Systems Development Life Cycle -- Life Cycle Processes -- Governance Structure for Systems Enginee -- Risks of Security-Oriented Versus Safety -- Expertise Needed at Various Stages -- Summary and Conclusions -- Endnotes -- 6 Software Systems Security and Safety Risk -- Introduction -- Understanding Risk -- Risks of Determining Risk -- Software-Related Risks -- Motivations for Risk Mitigation -- Defining Risk -- Assessing and Calculating Risk -- Threats Versus Exploits -- Threat Risk Modeling -- Threats from Safety-Critical Systems -- Creating Exploits and Suffering Events -- Vulnerabilities -- Application Risk Management Considerations -- Subjective vs. Objective vs. Personal Risk -- Personalization of Risk -- The Fallacies of Data Ownership, Risk Appetite, and Risk Tolerance -- The Dynamics of Risk -- A Holistic View of Risk -- Summary and Conclusions -- Endnotes -- 7 Software System Security and Safety Metrics -- Introduction -- Obtaining Meaningful Data -- Defining Metrics -- Differentiating Between Metrics and Meas -- Software Metrics -- Measuring and Reporting Metrics -- Metrics for Meeting Requirements -- Risk Metrics -- Consideration of Individual Metrics -- Security Metrics for Software Systems -- Safety Metrics for Software Systems -- Summary and Conclusions -- Endnotes -- 8 Software System Development Processes -- Introduction -- Processes and Their Optimization -- Processes in Relation to Projects and Products/Services -- Some Definitions -- Chronology of Maturity Models -- Security and Safety in Maturity Models -- FAA Model -- The +SAFE V1.2 Extension -- The +SECURE V1.3 Extension -- The CMMI Approach -- General CMMI -- CMMI for Development -- Incorporating Safety and Security Proces -- +SAFE V1.2 Comparisons -- +SECURE V1.2 Comparisons -- Summary and Conclusions.

Endnotes -- 9 Secure SSDLC Projects in Greater Detail -- Introduction -- Different Terms, Same or Different Meani -- Creating and Using Software Systems -- Phases and Steps of the SSDLC -- Summary and Conclusions -- Endnotes -- 10 Safe SSDLC Projects in Greater Detail -- Introduction -- Definitions and Terms -- Hazard Analysis -- Software Requirements Hazard Analysis -- Top-Level Design Hazard Analysis -- Detailed Design Hazard Analysis -- Code-Level Software Hazard Analysis -- Software Safety Testing -- Software/User Interface Analysis -- Software Change Hazard Analysis -- The Safe Software System Development Lif -- Combined Safety and Security Requirement -- Summary and Conclusions -- Endnotes -- 11 The Economics of Software Systems' Safety and Security -- Introduction -- Closing the Gap -- Technical Debt -- Application of Technical Debt Concept to -- System Obsolescence and Replacement -- The Responsibility for Safety and Security by Individuals and Groups -- Basic Idea -- Extending the Model -- Concept and Requirements Phase -- Design and Architecture Phase -- Development -- Verification -- Validation -- Deployment, Operations, Maintenance, and -- Decommissioning and Disposal -- Overall Impression -- Methods for Encouraging Optimal Behavior -- Pricing -- Chargeback -- Costs and Risk Mitigation -- Management Mandate -- Legislation -- Regulation -- Standards and Certifications -- Going Forward -- Tampering -- Tamper Evidence -- Tamper Resistance -- Tamperproofing -- A Brief Note on Patterns -- Conclusions -- Endnotes -- Appendix A Software Vulnerabilities, Errors, and Attacks -- Ranking Errors, Vulnerabilities, and Risks -- The OWASP Top Security Risks -- The CWE/SANS Most Dangerous Software Errors -- Top-Ranking Safety Issues -- Enumeration and Classification -- WASC Threat Classification -- Summary and Conclusions -- Endnotes.

Appendix B Comparison of ISO/IEC 12207 and CMMI-DEV Process Areas -- Appendix C Security-Related Tasks in the Secure SSDLC -- Task Areas for SSDLC Phases -- Involvement by Teams and Groups for Secure SSDLC Phases -- A Note on Sources -- Endnotes -- Appendix D Safety-Related Tasks in the Safe SSDLC -- Task Areas for Safe SSDLC Phases -- Levels of Involvement -- A Note on Sources -- Endnotes -- About the Author -- Index.
Abstract:
This first-of-its-kind resource offers a broad and detailed understanding of software systems engineering from both security and safety perspectives. Addressing the overarching issues related to safeguarding public data and intellectual property, the book defines such terms as systems engineering, software engineering, security, and safety as precisely as possible, making clear the many distinctions, commonalities, and interdependencies among various disciplines. You explore the various approaches to risk and the generation and analysis of appropriate metrics. This unique book explains how processes relevant to the creation and operation of software systems should be determined and improved, how projects should be managed, and how products can be assured. You learn the importance of integrating safety and security into the development life cycle. Additionally, this practical volume helps identify what motivators and deterrents can be put in place in order to implement the methods that have been recommended.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.
Electronic Access: