資訊科技的發達，資訊安全的問題對於人類生活的衝擊愈來愈嚴重，因為網路入侵攻擊以及軟體系統本身的漏洞所造成的危害，使得軟體系統的安全性目標一再遭受破壞，因此如何改善軟體系統的安全性，已是值得探討的課題。由於軟體系統的安全性屬於非功能性需求，愈早在軟體開發生命週期中導入安全性的思維，執行安全性動作，不但可以減少漏洞修補的成本，更可以大幅提升軟體系統的安全性。本文探討安全軟體開發生命週期最佳實務，並著重於設計階段，藉由風險管理的概念改善目前安全軟體開發生命週期所欠缺的完整性，以提升軟體系統的安全性。

As information technology got rapidly developed and highly utilized, the impacts of information security for everyone,s daily life became significant and serious. Since attackers often take advantage of software vulnerabilities to perform successful intrusions, the defenders must improve software security to avoid being compromised repeatedly. When non-functional requirements such as security controls are considered early in the software development lifecycle, it not only greatly reduces the cost of fixing security bugs at the production stage, but also comprehensively and effectively addresses the overall security of the developed software. This paper covers best practices throughout the secure software development lifecycle (SSDLC) with emphasis on security design and additional concepts.