Today’s shorter development processes force the programmers to focus a lot onfunctionality. This can be devastating, since the security concerns get lower priority.

Even if there are explicit security requirements in the requirements specification,the risk of misunderstandings between the project members concerning security interpretation is high.

A great idea to reduce the number of potential software vulnerabilities is to make the project members aware of the threatening picture against the software. This can be done with examples from an everyday perspective.

Combitech uses an own developed methodology called ITSI to handle these problems. ITSI describes security issues for the target group of software engineers, programmers and technical project leaders.

The methodology is based on many years of experience within software security reviews. The aim is to complement an arbitrary development process with security guidelines and requirements by following simple principals. ITSI is easy and cheap to adopt and use.