Abstract
Most traditional software development methodologies do not explicitly include a standardised method for incorporating information security into their life cycles. It is argued that security considerations should provide input into every phase of the Software Development Life Cycle (SDLC), from requirements gathering to design, implementation, testing and deployment. Therefore, to build more secure software applications, an improved software development process is required. The Secure Software Development Model (SecSDM), as described in this paper, is based on many of the recommendations provided by relevant international standards and best practices, for example, the ISO 7498-2 (1989) standard which addresses the underlying security services and mechanisms that form an integral part of the model.
Please use the following format when citing this chapter: Futcher, L., von Solms, R., 2007, in IFIP International Federation for Information Processing, Volume 237, Fifth World Conference on Information Security Education, eds. Futcher, L., Dodge, R., (Boston: Springer), pp. 41–48.
References
Taft, D. K. (2004, Dec). Microsoft aids secure coding. eWeek.
Jurjens, J. (2002, May). Using UMLSec and goal trees for secure systems development. Communications of the ACM, 48(5), pp. 1026–1030.
Task Force Report. (2004, April). Improving security across the software development life cycle (Technical Report). National Cyber Security Summit.
Jones, R. L. & Rastogi, A. (2004, Nov). Secure coding–building security into the software development life cycle. Application Program Security, pp. 29–38.
Lipner, S. & Howard, M. (2005). The trustworthy computing security development lifecycle. 27. (cited on 15th April 2005)
Tryfonas, T. & Kiountouzis, E. (2002). Information systems security and the information systems development project. In Proceedings of IFIP.
ISO. (2005). ISO/IEC 17799: Information Technology–Code of Practice for Information Security Management.
ISO. (1998). ISO/IEC TR 13335-3: Information Technology–Guidelines for the Management of IT Security. Part 3; Techniques for the management of IT security.
NIST (1996, Sept). Generally accepted principles and practices for securing information technology systems. NIST Special Publication 800-14. (http://csrc.nist.gov/publications)
ISO. (1989). ISO 7498-2: Information Processing Systems–Open System Interconnection — Basic Reference Model–Part 2: Security Architecture.
Tipton, H. F. & Krause, M. (2006). Information security management handbook (Fifth ed., Vol. 3). New York: United States of America: Auerbach Publications.
Landoll, D. J. (2006). The security risk assessment handbook: A complete guide for performing security risk assessments. New York: United States of America: Auerbach Publications.
Whitman, M. & Mattord, M. (2003). Principles of information security. Thomson Course Technology.
Tompkins, F. G. & Rice, R. (1985). Integrating security activities into the software development life cycle and the quality assurance process. In Proceedings of IFIP pp. 65–105.
Siponen, M., Baskerville, R. & Kuivalainen, T. (2005). Integrating security into agile development methods. In Proceedings of the 38th Hawaii international conference on system sciences.
Gregory, P. H. (2003). Security in the software development life cycle (Technical Report). The Hart Gregory Group Inc.
© 2007 International Federation for Information Processing
Cite this paper
Futcher, L., von Solms, R. (2007). SecSDM: A Model for Integrating Security into the Software Development Life Cycle. In: Futcher, L., Dodge, R. (eds) Fifth World Conference on Information Security Education. WISE 2007. IFIP Advances in Information and Communication Technology, vol 237. Springer, New York, NY. https://doi.org/10.1007/978-0-387-73269-5_6
DOI: https://doi.org/10.1007/978-0-387-73269-5_6
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-73268-8
Online ISBN: 978-0-387-73269-5
eBook Packages: Computer Science, Computer Science (R0)