Date Added: Mar 2010
This paper describes secure engineering practices for software products. The authors offer a description of an end-to-end approach to product delivery, with security taken into account. IBM is publishing this in the hope that interested parties - whether they be clients, other IT companies, academics and others - can find these practices to be a useful example of the type of security practices that are increasingly a must-have for developing products and applications that run in the world's digital infrastructure. The authors also hope this paper can enrich the continued collaboration with others in the industry, standards bodies, government, and elsewhere, as the authors seek to learn and continuously refine the approach.