Towards a Secure Software Development Lifecycle with SQUARE+R

Software security is widely recognized as an essential property of future software, yet secure software development lifecycles have not been fully integrated into current development models. Two factors account for this: the immaturity of existing secure-lifecycle models and the additional development time that security activities impose. The rapid movement of software into the web space compounds the already rampant growth of software vulnerabilities; the expanding use of Web Services opens a new attack surface, and as the volume of mobile code grows, so will the number of software bugs and vulnerabilities. Hence the need for a secure software development model. Building a knowledge base of common coding errors is also important, both for exposing current vulnerabilities and for preventing future ones. This paper presents a study of the current growth of software vulnerabilities, the importance of a categorization tool for such errors, the SQUARE model, the evolution of SQUARE combined with the Risk Management Framework into the SQUARE+R model, and the adaptability of SQUARE+R to an agile development lifecycle.

[1] Gary McGraw et al. Software Security: Building Security In. 2006; 17th International Symposium on Software Reliability Engineering, 2006.

[2] Nancy R. Mead et al. Security Quality Requirements Engineering (SQUARE) Methodology. SESS@ICSE, 2005.

[3] Robert C. Seacord et al. Secure Coding in C and C++. 2005.

[4] Ken Frazer. Building Secure Software. 2002.

[5] Gary McGraw et al. Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors. IEEE Security & Privacy, 2005.