
Enhancing software security: A study of simplified secure software development framework

By: Satyanarayana, N., et al.
Material type: Book
Publisher: ISTM Journal of Training Research and Governance
Description: 5(2), Jan, 2025: p.65-76.
Subject(s): Secure SDLC, Threat analysis, Attack vector reduction techniques, Security metrics
In: ISTM Journal of Training Research and Governance

Summary: The world is moving towards digital services and at the same time the attacks and exploitation of software vulnerabilities are also increasing. This situation not only leads to the lack of trust in software quality but also to the loss of business opportunities. Identifying security issues only during the software testing phase often leads to project delays and budget overruns. Focusing on security aspects in every phase of the software development lifecycle is an effective strategy, as it enables software architects, developers, and testers to understand their individual responsibilities within their respective phases while promoting a collaborative approach to addressing security across the entire development process. The objective of this paper is to present a simplified secure software development framework that explains an implementation strategy that can be followed by project teams in developing secure software. Authors have conducted a detailed study of various software vulnerabilities, their impact and root cause of errors and proposed a secure SDLC framework that suggests a methodology called “P6” (Prepare, Practice, Protect, Produce, Probe, and Process Metrics) as an appropriate strategy to deal with the factors contributing to security concerns effectively. Authors have taken a sample project work that has no security aspects incorporated into it as a case study and incorporated the best practices, standards, tools, techniques and strategies relevant to each phase in line with the proposed secure SDLC framework. Based on the efforts, a set of practices that can be followed has been listed in this article. - Reproduced https://www.istm.gov.in/home/istm_journal/386
Item type: Articles
Current location: Indian Institute of Public Administration
Vol info: 5(2), Jan, 2025: p.65-76
Status: Available
Barcode: AR137313

