Question 1. Virtual Memory Security Virtual memory management has a number of implications for performance and other administrative metrics. However, as is true with most technologies, there are also security implications to virtual memory that must play a role in implementing and managing virtual systems. Discuss the potential security implications of memory management activities and choices, and the mitigating activities that can reduce any security vulnerabilities.

Questions 2. Software Security Testing Security professionals typically know all about firewalls, IDS systems, and other common security controls. They are often not nearly so well versed in the issues surrounding software development security nor do they play a significant role in it to the degree that they do in other security domains. This "black box" in an organizational security management program has to be opened up and thoroughly integrated into day-to-day security governance and oversight if we are to get a handle on the risk facing many organizations from poorly written computer code. Security professionals have to get more familiar with software development, and software developers need to get more familiar with security. Discuss the methods and the tools available to the security professional that may mitigate some of the risk caused by poorly written computer code.

Question 3. Software Security Testing Roles and Responsibilities It is typical for organizations to purchase much of their software with IT and security roles assigned the task of keeping up with the vulnerability patching that seems an inevitable part of the software cycle these days. One area where organizations often still retain development is the creation and maintenance of their Web sites. Depending on the level of functionality that organizations build into these Web sites, they can become significantly integrated with back-end systems and databases. Using the experience of the virtual labs and the study materials, discuss the workflow that would be appropriate to ensure that Web developers have adequate oversight by security professionals, and that code is properly vetted before being exposed to the Internet. Include in the discussion the kinds of skills that security professionals would be expected to maintain in order to properly do this work, and the resources that are available to them to stay current on existing vulnerabilities.