The DARPA paper defines the following procedural patterns for secure software development practices:
Build the server from the ground up: It includes the following features:
Build the server from the ground up.
Identify the default installation of the operating system and applications.
Support hardening procedures to remove unnecessary services.
Identify a vulnerable service for ongoing risk management.
Choose the right stuff: It defines guidelines to select the right commercial off-the-shelf (COTS) components and to decide whether to use and build custom components.
Document the server configuration: It supports the creation of an initial configuration baseline and tracks all modifications made to servers and application configurations.
Patch proactively: It supports applying patches as soon as they are available rather than waiting until the systems cooperate.
Red team the design: It supports an independent security assessment from the perspective of an attacker in the quality assurance or testing stage. An independent security assessment is helpful in addressing a security issue before it occurs.
Answer A is incorrect. The hidden implementation pattern is not defined in the DARPA paper. This pattern is applicable to software assurance in general. Hidden implementation limits the ability of an attacker to distinguish the internal workings of an application.
Answer E is incorrect. The password propagation pattern is not defined in the DARPA paper. This pattern is applicable to aspects of authentication in a Web application. Password propagation provides an alternative by requiring that a user's authentication credentials be verified by the database before providing access to that user's data.