# Introduction

[Lecture 1 - Course Overview & Introduction](https://docs.google.com/presentation/d/1ml6-Cuty9bOZxKV4alDn2MdVQuYDoBrOLqq5HjvcdF4/)

- Software _Engineering_ = A systematic approach to developing software.
  - Ideation
  - Requirements
  - Design
  - Development
  - Testing
  - Deployment
  - Maintenance

## Differences

- Compared to _Civil_ Engineering, Software Engineering is **iterative and agile**.
- Compared to _Hardware_, software **does not wear out**.
- Compared to a _Program_, software goes beyond just the executables: documentation, source code, infrastructure, ...
- ==Software is extremely complex!==

![Hardware Lifecycle](https://static.javatpoint.com/tutorial/software-engineering/images/software-engineering-software-failure-mechanisms.png)

![Software Lifecycle](https://static.javatpoint.com/tutorial/software-engineering/images/software-engineering-software-failure-mechanisms2.png)

## Security

> [!note]
> **Software security** is the idea of engineering software so that it
> continues to function correctly under malicious attack.

- Be proactive: address the issues early in the life cycle.

## Concepts

- Vulnerability
  - Caused by a _Bug_ during the _implementation_
  - Caused by a _Design Flaw_ -- usually in the security features.
- Exploit = the action of exploiting the vulnerabilities
- Threat = actor or agent that is a source of danger; or, a class of exploits.
- CIA Triad = Confidentiality + Integrity + Availability

## Goals

- Identification & Authentication
- Accountability (Non-repudiation) = who is doing what can be traced
- Privacy

## Databases

> "Weakness" is the _Class_, while "Vulnerability" is the _Object_.

- [National Vulnerability Database](https://nvd.nist.org/)
  - CVE ID = Common Vulnerability Exposure
- [Common Weakness Enumeration](https://cwe.mitre.org)
  - CWE ID
- [CVSS - Common Vulnerability Scoring System](https://nvd.nist.gov/vuln-metrics/cvss)