Title :
Processes for producing secure software
Author :
Davis, Noopur ; Humphrey, Watts ; Redwine, Samuel T., Jr. ; Zibulski, Gerlinde ; McGraw, Gary
Author_Institution :
Software Eng. Inst., Carnegie Mellon Univ., Pittsburgh, PA, USA
Abstract :
Summarizes work initiated at the National Cybersecurity Summit, held 2-3 December 2003 in Santa Clara, California. Attendees representing industry, academia, and the US Department of Homeland Security (DHS) formed five task forces to focus on specific topic areas. This report describes the key problems and recommendations identified by the Software Process subgroup of the "Security Across the Software Development Lifecycle" task force. Producing secure software is a multifaceted problem of software engineering, security engineering, and management. Thus, producing secure software starts with outstanding software engineering practices, augmented with sound technical practices, and supported by management practices that promote secure software development. We discuss these practices.
Keywords :
security of data; software engineering; Security Across the Software Development Lifecycle task force; Software Process subgroup; US Department of Homeland Security; US National Cybersecurity Summit; management; secure software development; security engineering; software engineering; Computer security; Costs; Data security; Information security; National security; Personnel; Privacy; Programming; Software design; Software systems;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2004.21