Читаем CISSP Practice полностью

Level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at anytime during its life cycle, and that the software functions in the intended manner.

Software-based fault isolation

A method of isolating application modules into distinct fault domains enforced by software. The technique allows untrusted programs written in an unsafe programming language (e.g., C) to be executed safely within the single virtual address space of an application. Access to system resource can also be controlled through a unique identifier associated with each domain.

Software cages

As a part of technical safeguards for active content, software cages constrain the mobile code’s behavior (e.g., privileges or functions) during execution. Software cage and quarantine mechanism are part of behavior controls that dynamically intercept and thwart attempts by the subject code to take unacceptable actions that violate a security policy. Mobile code based on predefined signatures (i.e., content inspection) refers to technologies such as dynamic sandbox, dynamic monitors, and behavior monitors, which are used for controlling the behavior of mobile code. Statistics are used to verify the behavioral model.

Software development methodologies

Methodologies for specifying and verifying design programs for system development. Each methodology is written for a specific computer language.

Software enhancement

Significant functional or performance improvements.

Software engineering

The use of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software, that is, the use of engineering principles in the development of software.

Software escrow arrangement

Something (e.g., a document, software source code, or an encryption key) that is delivered to a third person to be given to the grantee only upon the fulfillment of a condition or a contract.

Software library

The controlled collection of configuration items associated with defined baselines: Three libraries can exist: (1) dynamic library used for newly created or modified software elements, (2) controlled library used for managing current baselines and controlling changes to them, and (3) static library used to archive baselines.

Software life cycle

The sequence of events in the development or acquisition of software.

Software maintenance

Activities that modify software to keep it performing satisfactorily.

Software operation

Routine activities that make the software perform without modification.

Software performance engineering

A method for constructing software to meet performance objectives.

Software quality assurance

The planned systematic pattern of all actions necessary to provide adequate confidence that the product or process by which the product is developed conforms to established requirements.

Software reengineering

The examination and alteration of a subject system to reconstitute it in a new form and the subsequent implementation of the new form. Software reengineering consists of reverse engineering followed by some form of forward engineering or modification. One reason to consider reengineering is the possible reduction of software maintenance costs. The goal is to improve the quality of computer systems.

Software release

An updated version of commercial software to correct errors, resolve incompatibilities, or improve performance.

Software reliability

The probability that given software operates for some time period, without system failure due to a software fault, on the machine for which it was designed, given that it is used within design limits.

Software repository

A permanent, archival storage place for software and related documentation.

Software security

Those general-purpose (executive, utility, or software development tools) and application programs and routines that protect data handled by a computer system and its resources.

Source code

A series of statements written in a human-readable computer programming language.

Spam

The abuse of electronic messaging systems to indiscriminately send unsolicited bulk commercial e-mail messages and junk e-mails.

Spam filtering software

A computer program that analyzes e-mails to look for characteristics of spam, and typically places messages that appear to be spam in a separate e-mail folder.

Spamming

Posting identical messages to multiple unrelated newsgroups on the Internet (e.g., USENET). Often used as cheap advertising to promote pyramid schemes or simply to annoy other people.

Spanning port