Software Security Checklist for the Software Life Cycle
نویسندگان
چکیده
A formal approach to security in the software life cycle is essential to protect corporate resources. However, little thought has been given to this aspect of software development. Traditionalb, software security has been treated as an afterthought leading to a cycle of ‘penetrate and patch. ’ Due to its criticality, security should be integrated as a formal approach .in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process. The current research at JPL addresses both of these areas through the development of a Software Security Assessment Instrument (SSAI). This paper focuses on the development of a Software Security Checklist (SSC) for the life cycle. It includes the critical areas of requirements gathering and specijication, design and code issues, and maintenance and decommissioning of software and systems.
منابع مشابه
Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
متن کاملQuantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
متن کاملSecure Software Development Model
--Extreme programming (XP) is a modern approach for iterative development of software in which you never wait for the complete requirements and start development. Security is usually unnoticed during early phases of software life cycle. In this paper, our main objective is to focus on security requirements at each phase of software life cycle. In this regard, XP is a key solution that provides ...
متن کاملAddressing Software Security and Mitigations in the Life Cycle
Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising of firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle.[1] The Jet...
متن کاملA Comparative Overview of the Most Common Methodologies for Secure Software Development
Security is a property of an entire system in context. Rather than a software product; so a thorough understanding of system security risk analysis is necessary in the entire software life cycle for a successful project. This aspect is strongly related to costs, risks and reputation of an organization. Focus on security in the software development life cycle can be divided into two distinct cat...
متن کامل