Abstract:
In this paper, we argue that building a secure software system requires more than just a good understanding of technology. It requires an organized framework for the business context in which the system is being built. Unlike existing studies that focus on security only from the technological point of view, we present a framework for building secure software that facilitates the linkage between security requirements, software development practices, and business process management. Our framework consists of four main components: Governance, People, Process, and Technology. We believe that this framework, if implemented properly, can be a powerful tool for software companies to cope with the increasing customer demand for secure software.
Keywords:
formal specification; safety-critical software; business process management; organizational framework; secure software system; security requirement; software development; Buildings; Companies; Information security; Power system security; Programming; Project management; Software development management; Software systems; Software testing; Software tools; Software security; organizational frameworks; security support framework; software assurance