Software Development Life Cycle Processes with Secure
Ashok Kumar Gottipalla, N.M.S.Desai, M.Sudhakar Reddy
Uppal Hyderabad Ranga Reddy (Dt) Pin code: 500039
Abstract- This paper presents information about existing processes, standards, life cycle models, frameworks, and methodologies that support or could support secure software development. Its audience includes software engineering process group (SEPG) members, software developers, and managers seeking information about existing software development life cycle (SDLC) processes that address security.

Index Terms- SDLC processes, security Risk Identification, security engineering activities.
engineering), but do not generally provide operational guidance for performing the work. In other words, they don't define processes, they define process characteristics; they define the what, but not the how: “CMM-based evaluations are not meant to replace product evaluation or system certification. Rather, organizational evaluations are meant to focus process improvement efforts on weaknesses identified in particular process areas.”

Capability Maturity Model Integration (CMMI)

The Capability Maturity Model Integration (CMMI) framework helps organizations increase the maturity of their processes to improve long-term business performance. The CMMI provides the latest best practices for product and service development, maintenance, and acquisition. It includes mechanisms to help organizations improve their processes and provides criteria for evaluating process capability and process maturity. Improvement areas covered by this model include systems engineering, software engineering, integrated product and process development, supplier sourcing, and acquisition. The CMMI has been in use for more than three years and will eventually replace its predecessor, the Capability Maturity Model for Software (SW-CMM),
www.ijsrp.org