A company develops a new security product using the extreme programming software development methodology programmers code, then test, then add more code, then test, and continue the iteration. Every day, they test the code base as a whole. The programmers work in pair when writing code to ensure that at least one other person reviews the code. The company does not adduce any additional evidence of assurance. How will you explain to the management of this company why their software is not a high assurance software?
Part III: 1 Long Answer Question requiring no more than 2 pages, double-spaced (30 points)
One well-known secure software development methodology is that of Microsoft, the Microsoft Security Development Lifecycle (see https://www.microsoft.com/en-us/sdl/. Explain what the methodology is, what security activities take place in various phases of the development, what its drawbacks if any are. Feel free to use other Microsoft resources to support your answer.
