411 Goals of secure software development

Clarify the core outcomes that secure software aims to achieve at every stage of its development and use.

This section introduces the overarching goals that guide the development of secure software systems. These goals go beyond technical functionality to include protecting users, supporting responsible system use, and aligning with legal and ethical expectations. Whether designing a login page, writing an API, or managing error states, software engineers are expected to design with these goals in mind.

Secure software is not just about defence against attacks—it is about building systems that behave predictably and responsibly, even when under pressure or misuse. These goals should be considered early and applied consistently throughout the development lifecycle.

Targets

In this chapter, students learn to:

  • Identify the fundamental goals of secure software design and implementation

  • Relate software security goals to practical development tasks

  • Understand the connection between user needs and security outcomes

  • Recognise how ethical, legal, and social factors influence secure system behaviour

Why goals matter

Without clear goals, it is difficult to measure whether software is secure. By establishing desired outcomes—such as confidentiality, reliability, auditability, and fairness—developers can guide their design decisions and evaluate trade-offs. These goals influence architecture, coding practices, data handling, and user interactions.

Common development goals

Some of the goals that often drive secure software development include:

  • Protecting user data and privacy

  • Preventing unauthorised access

  • Ensuring the integrity of records and transactions

  • Maintaining system availability under normal and adverse conditions

  • Supporting accountability through traceable user actions

  • Complying with laws and regulations such as the Privacy Act

Connecting goals to system behaviour

Each goal has practical implications. For example, protecting user data might mean encrypting personal records and using secure communication protocols. Supporting accountability might mean implementing session logging and permission management. These goals also connect to broader concepts like the CIA triad, AAA model, and ethical responsibility.
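To make the connection between goals and behaviour concrete, the following Python sketch is an added example for this chapter, not code from the textbook or any particular system. It shows the AAA idea (authentication via a session, authorisation via a role-to-permission check, accounting via an audit log) wrapped around a small record store. The class names `RecordService` and `Session`, the role table, and the patient record are all constructed for illustration; the point is that every access attempt, whether allowed or denied, produces a traceable log entry tied to a user and session, which is what "supporting accountability" means in practice.

```python
"""Added example (not from the textbook): an AAA-style check around a record store.

Authentication is represented by a Session object (assumed to have been
issued after login), authorisation by a role-to-permission lookup, and
accounting by an audit log that records both allowed and denied attempts.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample policy: which actions each role may perform on records.
ROLE_PERMISSIONS = {
    "clinician": {"read", "update"},
    "receptionist": {"read"},
}


@dataclass(frozen=True)
class Session:
    """Represents an authenticated user; assumed to be issued by a login step."""
    session_id: str
    user_id: str
    role: str


@dataclass(frozen=True)
class AuditEntry:
    """One traceable event: who did what, to which record, and the outcome."""
    timestamp: str
    session_id: str
    user_id: str
    action: str
    record_id: str
    outcome: str  # "allowed", "denied" or "not_found"


class RecordService:
    def __init__(self):
        # Constructed sample data standing in for a personal-records store.
        self.records = {"p-001": {"name": "Sample Patient"}}
        self.audit_log: list[AuditEntry] = []

    def _log(self, session, action, record_id, outcome):
        self.audit_log.append(AuditEntry(
            timestamp=datetime.now(timezone.utc).isoformat(),
            session_id=session.session_id,
            user_id=session.user_id,
            action=action,
            record_id=record_id,
            outcome=outcome,
        ))

    def is_permitted(self, session, action):
        """Authorisation: does the session's role hold this permission?"""
        return action in ROLE_PERMISSIONS.get(session.role, set())

    def perform(self, session, action, record_id, payload=None):
        """Authorise, then account for the attempt, then act on the record."""
        if not self.is_permitted(session, action):
            # Denials are logged too: a trail that records only successes
            # cannot show who tried to reach a record they were not allowed to.
            self._log(session, action, record_id, "denied")
            return None
        record = self.records.get(record_id)
        if record is None:
            self._log(session, action, record_id, "not_found")
            return None
        self._log(session, action, record_id, "allowed")
        if action == "read":
            return dict(record)
        if action == "update":
            record.update(payload or {})
            return dict(record)
        raise ValueError(f"unknown action: {action}")


if __name__ == "__main__":
    svc = RecordService()
    clinician = Session("s1", "u-alice", "clinician")
    receptionist = Session("s2", "u-bob", "receptionist")
    svc.perform(receptionist, "read", "p-001")
    svc.perform(receptionist, "update", "p-001", {"name": "Changed"})  # denied
    svc.perform(clinician, "update", "p-001", {"name": "Changed"})
    for entry in svc.audit_log:
        print(entry)
```

Run the block directly and the printed audit log shows three entries: the receptionist's read (allowed), the receptionist's attempted update (denied, and the record is unchanged), and the clinician's update (allowed). A reviewer can later answer "who changed this record, and who tried to?" from the log alone, which is the auditability outcome the chapter describes.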
