Security principles and management method for secure S/W introduction

An existing S/W development enterprises was negligent in S/W security problem because of imminent development period, insufficient fund and ignorance of security, and weakness problem of S/W almost has solved by beta test and a patch mostly. In addition, government agencies evaluate and review the suitability and security features of security S/W, but no separate security features are performed on other S/W products. Also, taking measures against the security vulnerabilities identified in introduced S/W may negatively affect services and systems that are already up and running, or incur significant additional costs. Therefore, This paper proposes security principles and a management method for the safe introduction of S/W at each stage from the planning stage, with a focus on the items to be considered from the user's perspective, to requirements review and assessment in the light of security, and disposal. It seems feasible that an enterprise or organization should be able to verify and manage safety at the S/W introduction stage by performing a risk analysis, security vulnerability check, and security assessment for each stage.