Research on Software Development Process Assurance Models in ICT Supply Chain Risk Management

Software assurance in the software development process has become an important part of ICT supply chain risk management, and is also one of the most advanced information security technologies. Building on existing research on software assurance, and against the background of growing concern about software security, this paper surveys the development and current state of research on software security assurance. It then proposes a software security assurance model for the software development process based on the SDLC model, summarizes the security activities during the development phase, and analyzes the risk management of software assurance. Finally, the paper indicates new research directions.
