Software quality engineering involves:
- identifying required software attributes,
- specifying the degree to which each must be present,
- designing and implementing software with these attributes, and
- applying appraisal techniques to assure their presence.
Security issues arise when software defects can be exploited to compromise the accessibility of a system or the confidentiality or the integrity of its information.
Applying well-established software quality engineering approaches to security issues can provide insights into how software needs to be built and used in the face of security threats. Specifically, these approaches support allocation of development and assurance resources, as well as informed release or revision decisions. The safest automobile may well be the one parked in your driveway, but it is scarcely useful for transportation. So, too, a fully secure system would have to sacrifice all usability and functionality.
What is needed is to strike an appropriate balance between security and other attributes. An engineering approach to software quality supports customer- and data-driven tradeoffs among various quality attributes.