What’s new in Software Development Security

ISC2 published the 3rd edition of their CISSP CBK in late 2012.  I ordered my copy in December 2012 and said, “So what’s new in Software Development Security, besides the apparent name change from Application Security?”

First, let me say that all quoted material in this article is from the “Official (ISC)2 Guide to the CISSP® CBK Third Edition.”

I started going through this domain and other than some re-sequencing, only found two minor changes.

But before the minor changes, let me say this, generally, with respect to all the domains.  ISC2 and the authors of the 3rd Edition have placed emphasis (by bolding, bullet-pointing, or indenting) on some of the material that was in the 2nd Edition.  You can take that for what it is worth.  For example, in the section on “Types of Viruses”, the 2nd Edition simply had them listed as:

Boot Sector Infectors –

Where the 3rd Edition has them listed as:

  • Boot Sector Infectors

As I said, you can take that for what it is worth; the information itself remains the same, however. Now for those two minor changes:

  • The Web Application Threats and Protection section got an extra paragraph identifying the Open Web Application Security Project (OWASP) and its guides for web application development.
  • The Certification and Accreditation section received an extra paragraph outlining several reasons why a private organization might choose to undergo a formal authorization process.

All in all, it appears to me that the biggest change, apart from the name change, was some re-sequencing.