1. (10 points) A company develops a new security product using the extreme programming software development methodology – programmers code, then test, then add more code, then test, and continue the iteration. Every day, the code base is tested as a whole. The programmers work in pairs when writing code to ensure that at least two people review the code. The company does not offer any additional evidence of assurance. Explain to the management of this company why their software is NOT highly assured.
2. (10 points) Five security principles/concepts in software development include least privilege, separation of privilege, fail securely, nonrepudiation, and secure the weakest link. First, briefly describe each, then give a specific example of each in practice, and then finally rank the relative importance of each (#1 highest, #5 lowest). Justify your ranking.