About Cyber Security Engineering
Organizations that have focused on security in the early stages have seen major reductions in operational vulnerabilities, resulting in reductions in software patching. Our research from one case study showed that the cost to fix requirement problems identified later in the project cost close to $2.5 million; the cost to fix these problems early in the life cycle was $0.5 million. In addition, Microsoft’s own data show that when security was considered throughout the life cycle in developing Windows Vista, there were 45% fewer vulnerabilities than earlier versions.
Read an overview (pdf) of how our work helps to assure software security. Learn about current Cyber Security Engineering research projects starting on page 4 in the 2010 CERT Research Report (pdf).