Security engineering is based on design principles, practices, and models that ensure the confidentiality, integrity, and availability requirements of information assets are met. The end result could be the development of a product or supporting organizational processes. Further, the product could be hardware, software, or a combination of both.
Vulnerabilities are weaknesses in the process or product that might creep in during the design stage, during development, or in the end product. These weaknesses could be exploited for a myriad of reasons, including fraud, theft of trade secrets, denial of service, and so on. Identifying vulnerabilities during the design/development stage is critical to a secure end product. Since the Information Technology environment is complex and diverse, it may not always be possible to foresee and identify all the possible vulnerabilities during the design/development stage itself. Hence, vulnerability...