A Survey on Secure Software Development Lifecycles

Author(s):  
José Fonseca ◽  
Marco Vieira

This chapter presents a survey on the most relevant software development practices that are used nowadays to build software products for the web with security built in. It starts by presenting three of the most relevant Secure Software Development Lifecycles, which are complete solutions that can be adopted by development companies: the CLASP, the Microsoft Secure Development Lifecycle, and the Software Security Touchpoints. However, it is not always feasible to change ongoing projects or replace the methodology in place. So, this chapter also discusses other relevant initiatives that can be integrated into existing development practices and used to build and maintain safer software products: the OpenSAMM, the BSIMM, the SAFECode, and the Securosis. The main features of these security development proposals are also compared according to their highlights and the goals of the target software product.



2018 ◽  
Vol 85 ◽  
pp. 33-46 ◽  
Author(s):  
Shams Al-Amin ◽  
Nirav Ajmeri ◽  
Hongying Du ◽  
Emily Z. Berglund ◽  
Munindar P. Singh

Author(s):  
Paulina Silva ◽  
René Noël ◽  
Santiago Matalonga ◽  
Hernán Astudillo ◽  
Diego Gatica ◽  
...  

Software security and development experts have addressed the problem of building secure software systems. There are several processes and initiatives to achieve secure software systems. However, most of these lack empirical evidence of their application and impact in building secure software systems. Two systematic mapping studies (SMs) have been conducted to cover the existing initiatives for the identification and mitigation of security threats. The SMs were executed in two steps: first in July 2015, then complemented through backward snowballing in July 2016. Integrated results of these two SM studies show that a total of 30 relevant sources were identified; 17 different initiatives covering threat identification and 14 covering the mitigation of threats were found. All the initiatives were associated with at least one activity of the Software Development Lifecycle (SDLC); while 6 showed signs of being applied in industrial settings, only 3 initiatives presented experimental evidence of their results through controlled experiments, and some of the other selected studies presented case studies or proposals.


Author(s):  
Sun Jun Ee ◽  
Yi Hong Tong ◽  
Ahmed Ifrah Ibrahim ◽  
F Zahra

The main focus of this paper is to analyze and discuss the secure software development practices currently being adopted in the industry along with their significance, as well as to identify the challenges faced by developers when undertaking measures and techniques for writing secure software. It is a well-known fact that software security has been the top priority of many software companies such as Google and Facebook to thwart attackers and protect user data in a world full of cybercriminals. Understanding how most software companies in the industry operate to ensure security helps developers identify strengths and weaknesses in their current security frameworks. Hence, by researching previous literature and papers relevant to the topic and by conducting an interview with a professional in the field, this paper provides insights on the most popular secure software development frameworks and practices in the world, as well as the problems faced by companies when adopting these practices. Several security practices and activities that are required to create secure software are identified alongside the problems that arise when companies try to apply them. This paper also proposes a few solutions that can be used to resolve these problems, which can be easily understood and implemented by software companies to transition into a truly secure software development environment.


2021 ◽  
Vol 12 (1) ◽  
pp. 88-101
Author(s):  
Muhammad Rizky Hasan ◽  
Suhermanto Suhermanto ◽  
Suharmanto Suharmanto

Today, software development is more complex than ever before, and security has become one of its most crucial aspects. Security issues have become an important concern for software developers. The need for security in software development led to the creation of what is called the Secure Software Development Life Cycle (SSDLC). This paper highlights software vulnerabilities and approaches to addressing them. To this end, several security tools such as OWASP and ISSAF are discussed. The goal is to determine the extent to which these tools minimize vulnerabilities in software development.


2015 ◽  
Vol 60 ◽  
pp. 1092-1100 ◽  
Author(s):  
Masahito Saito ◽  
Atsuo Hazeyama ◽  
Nobukazu Yoshioka ◽  
Takanori Kobashi ◽  
Hironori Washizaki ◽  
...  
