Software security risk compliance and management model

<p>INTRODUCTION</p><p>Software security management is becoming an essential societal</p><p>and cultural service demanded not only by governmental organizations but</p><p>also by private establishments nowadays. Overall system security is</p><p>heavily dependent on software that resides in many hardcore embedded</p><p>chips but also in a wide area of distributed network elements. Most of the</p><p>software system security issues burst from many non-compliance in the</p><p>operational modes of software applications and executable managerial service</p><p>functions. The security problems have multiple modes of exploitation based</p><p>on system vulnerabilities and also on the planned attacks on the information</p><p>assets. The thin layer of segregation between hardware and software</p><p>transforms the outside attacks into an executable deterministic threat or a</p><p>probabilistic exploitable risk based on the existing vulnerable noncompliances.</p>