Software Development Life Cycle Processes with Secure
Ashok Kumar Gottipalla, N.M.S.Desai, M.Sudhakar Reddy
Uppal Hyderabad Ranga Reddy (Dt) Pin code: 500039
Abstract- This paper presents information about existing processes, standards, life cycle models, frameworks, and methodologies that support or could support secure software development. Its audience includes software engineering process group (SEPG) members, software developers, and managers seeking information about existing software development life cycle (SDLC) processes that address security.
Index Terms- SDLC processes, security risk identification, security engineering activities.
engineering), but do not generally provide operational guidance for performing the work. In other words, they don't define processes, they define process characteristics; they define the what, but not the how: “CMM-based evaluations are not meant to replace product evaluation or system certification. Rather, organizational evaluations are meant to focus process improvement efforts on weaknesses identified in particular process areas.”

Capability Maturity Model Integration (CMMI)

The Capability Maturity Model Integration (CMMI) framework helps organizations increase the maturity of their processes to improve long-term business performance. The CMMI provides the latest best practices for product and service development, maintenance, and acquisition, including mechanisms to help organizations improve their processes, and it provides criteria for evaluating process capability and process maturity. Improvement areas covered by this model include systems engineering, software engineering, integrated product and process development, supplier sourcing, and acquisition.

The CMMI has been in use for more than three years and will eventually replace its predecessor, the Capability Maturity Model for Software (SW-CMM), which has been in use since the mid-1980s. As of June 2005, the Software Engineering Institute (SEI) reports that 782 organizations and 3250 projects have reported results from CMMI-based appraisals [SEI 05a]. From 1987 through June 2005, 2,859 organizations and 15,634 projects have reported results from SW-CMM-based appraisals and assessments [SEI 05b].

The CMMI addresses four categories for process improvement and evaluation. Each category includes several Process Areas. As shown in Figure 1, the CMMI addresses project management, supplier management, and organization-level process improvement, as well as training, quality assurance, measurement, and engineering practices.
However, it does not specifically address the four areas mentioned earlier (security risk management, security engineering practices, security assurance, and project/organizational processes for security), although it is not unreasonable to assume that each of these is a special case of practices already addressed by the CMMI.
The purpose of this paper is to collect and present overview information about existing processes, standards, life cycle models, frameworks, and methodologies that support or could support secure software development. Where applicable and possible, some evaluation or judgment may be provided for particular life cycle models, processes, frameworks, and methodologies. The target audience for this paper includes software engineering process group (SEPG) members who want to integrate security into their standard software development processes. It is also relevant for developers and managers looking for information on existing software development life cycle (SDLC) processes that address security. Technology or content areas described include existing frameworks and standards such as the Capability Maturity Model® Integration (CMMI®) framework, the FAA-iCMM, the Trusted CMM/Trusted Software Methodology (T-CMM/TSM), the Systems Security Engineering Capability Maturity Model...