Guidelines for secure software development

In highly integrated technology environments, information security is becoming a focal point for designing, developing and deploying software applications. Ensuring a high level of trust in the security and quality of these applications is crucial to their ultimate success. Information security has therefore become a core requirement for software applications, driven by the need to protect critical assets and the need to build and preserve widespread trust in computing. The aim of this paper is to provide guidance to software designers and developers by defining a set of guidelines for secure software development. The guidelines are based on various internationally recognised standards and best practices, and on some of the processes developed by many key role players.
