Litcius/Paper detail

A Survey and Comparison of Secure Software Development Standards

Armando Ramírez, Anthony Aiello, Susan Lincke

202023 citationsDOI

Abstract

There are standards, guidelines, and certifications for software security to help guide software development projects into becoming more securely written to comply with any regulations that may apply to the project. These best practices and standards include Common Criteria, The Open Group Architecture Framework (TOGAF), Security Assurance Maturity Model (SAMM), Building Security In Maturity Model (BSIMM), Application Security Verification Standard (ASVS), OWASP, and SAFECode, in addition to the national or international standards groups, PCI, NIST and ISO/IEC. In this paper, we focus on secure software development by surveying and comparing these methods and standards and discover which areas of the software development life cycle SDLC, that one or more could be applied to improve the security of a software application during its development lifecycle.

Topics & Concepts

Software security assuranceSystems development life cycleComputer scienceSoftware development processSoftware developmentSoftware engineeringCertificationCertified Information Systems Security ProfessionalCapability Maturity ModelSoftware peer reviewCommon CriteriaComputer securityProcess managementEngineering managementSoftwareEngineeringSoftware constructionInformation securitySecurity servicePolitical scienceNetwork security policyProgramming languageLawAdvanced Malware Detection TechniquesInformation and Cyber SecurityDigital and Cyber Forensics