A Survey on the Effectiveness of the Secure Software Development Life Cycle Models

  • Chapter
Innovations in Cybersecurity Education

Abstract

Today, a central and critical aspect of cybersecurity problems is related to software problems. Software security is about understanding software-induced security risks and how to manage them. To manage software security effectively, we need to understand the process of designing, building, and testing software for security. The System Development Life Cycle (SDLC) process that is currently used to support software development does not address any security components until after the software is developed. From the perspective of software security, the Secure Software Development Life Cycle (SSDLC) is similar to the SDLC but includes security components in its phases. Many SSDLC models have been proposed, most of them modified from preexisting SDLC models. A study was conducted to survey a selected group of SSDLC models and their effectiveness. The authors first identified four popular SSDLC models used in the IT industry and then analyzed their common characteristics to derive four sets of criteria for comparison. These criteria are Focus Areas of Application, Implementation of Model, Security Implementations and Enhancements, and Security Training and Staff. Overall, the comparison results demonstrate that the Rastogi and Jones model is considered to be an effective one for many IT projects, especially for Agile projects. However, it is worth mentioning that, because of the various types of IT projects, one specific model cannot be applied to all types of IT projects. For an IT project operated in Waterfall, the BSI Seven Touchpoints model can be an excellent alternative.

Author information

Correspondence to Jing-Chiou Liou.

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Liou, JC., Duclervil, S.R. (2020). A Survey on the Effectiveness of the Secure Software Development Life Cycle Models. In: Daimi, K., Francia III, G. (eds) Innovations in Cybersecurity Education. Springer, Cham. https://doi.org/10.1007/978-3-030-50244-7_11

  • DOI: https://doi.org/10.1007/978-3-030-50244-7_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-50243-0

  • Online ISBN: 978-3-030-50244-7

  • eBook Packages: Education (R0)
