The process of identifying, categorizing, and analyzing potential threats

The process of designing and developing secure systems

The process of testing and patching deployed products

The process of reducing vulnerabilities and risks

Only during the design and development phase

Only after a product has been deployed

Both during the design and development phase and after deployment

None of the above

To increase the number of security-related design and coding defects

To increase the severity of any remaining defects

To reduce the number of security-related design and coding defects

To reduce the severity of any remaining defects

Predicting threats and designing defenses during the coding process

Relying on post-deployment updates and patches to address threats

Crafting updates or patches to be added after deployment

Starting over from scratch to produce better products

Predicting threats and designing defenses during the coding process

Relying on post-deployment updates and patches to address threats

Crafting updates or patches to be added after deployment

Starting over from scratch to produce better products

A technique to stress software by supplying invalid input

A technique to identify potential attackers and their goals

A technique to identify vulnerabilities in software code

A technique to simulate attacks and analyze their impact

Focused on assets, focused on attackers, focused on software

Focused on assets, focused on vulnerabilities, focused on countermeasures

Focused on attackers, focused on vulnerabilities, focused on countermeasures

Focused on assets, focused on vulnerabilities, focused on attackers