Managing the Secure Software Development

článek ve sborníku ve WoS nebo Scopus

angličtina

Nowadays, software development is a more complex process than ever was and it faces the challenges, where security became one of the most crucial. The security issues became an essential part of software engineers and understanding the vulnerabilities, risks and others became the everyday bread. The needs of security in software development resulted in the creation of the so-called Secure Software Development Life Cycle (SSDLC). This is a methodological concept included in classical Software Development Life-Cycle, which is described by five main phases - analysis, design, implementation (building), testing, and evaluation (deployment and maintenance). The SSDLC adds another dimension ensuring the security. We introduce our same named tool "Secure Software Development Life-cycle", which follows the general idea and goes beyond it. Our tool helps to create security, hardening, testing, and validation reporting guidelines for selected use-cases. This tool is an environment for defining the current and future security requirements based on the collection of standards, recommendations, best practice, and many others. Connecting the SSDLC with other tools improves the general level of automation of the Product Life Cycle (PLC). The SSDLC gives a connection and context among security, safety and performance parameters. Compared with static security requirements definition, the SSDLC provides simple future extension and straight integration to the PLC process with non- or nearly-non personal (human) interaction.

Security;Software development lify cycle;Development;Software engineering;Management

FUJDIAK, R.; MLÝNEK, P.; MRNUSTIK, P.; BARABAS, M.; BLAŽEK, P.; BORCIK, F.; MIŠUREC, J.

24. 6. 2019

978-1-7281-1542-9

2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS)

1

4

4

https://ieeexplore.ieee.org/abstract/document/8763845