• DocumentCode
    1013386
  • Title

    Processes for producing secure software

  • Author

    Davis, Noopur ; Humphrey, Watts ; Redwine, Samuel T., Jr. ; Zibulski, Gerlinde ; McGraw, Gary

  • Author_Institution
    Software Eng. Inst., Carnegie Mellon Univ., Pittsburgh, PA, USA
  • Volume
    2
  • Issue
    3
  • fYear
    2004
  • Firstpage
    18
  • Lastpage
    25
  • Abstract
    Summarizes work initiated at the National Cybersecurity Summit, held 2-3 December 2003 in Santa Clara, California. Attendees representing industry, academia, and the US Department of Homeland Security (DHS) formed five task forces to focus on specific topic areas. This report describes the key problems and recommendations identified by the Software Process subgroup of the "Security Across the Software Development Lifecycle" task force. Producing secure software is a multifaceted problem of software engineering, security engineering, and management. Thus, producing secure software starts with outstanding software engineering practices, augmented with sound technical practices, and supported by management practices that promote secure software development. We discuss these practices.
  • Keywords
    security of data; software engineering; Security Across the Software Development Lifecycle task force; Software Process subgroup; US Department of Homeland Security; US National Cybersecurity Summit; management; secure software development; security engineering; software engineering; Computer security; Costs; Data security; Information security; National security; Personnel; Privacy; Programming; Software design; Software systems;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2004.21
  • Filename
    1306968