The top secure software development frameworks – TechTarget

Advances in computer technology have prompted the development of frameworks that address security and user requirements in the software development lifecycle.
This article examines several established SDLC frameworks, as well as two frameworks that specifically incorporate risk and security elements. With growing cybersecurity threats, organizations must design and upgrade software applications with security in mind, while still providing users the high performance levels they expect.
Due to the unique nature of software development, the SDLC process is far from straightforward and, as shown in the flow chart below, includes many loops. These loops help ensure issues are thoroughly checked and verified before software is deployed. Document each step and supporting activities carefully, as those documents will be used throughout the development, testing, training and deployment phases and may be used as evidence for audits.
The seven steps of the SDLC are the following:
The following flow chart demonstrates how the SDLC process helps ensure performance issues are addressed before a system is put into production.
Many software development frameworks have been created over the years; the following is a partial list. Each approach can be adapted to incorporate security issues in the development process:
In addition to manually developing software systems, open source applications can help facilitate the development process. The following is a partial list of open source frameworks for development:
The aforementioned software development frameworks and models can be adapted to incorporate security provisions, but they’re not inherently designed for security.
The following two SDLC frameworks take the current approach to software design to a higher level by incorporating risk and security elements.
Developed by BSA | The Software Alliance and released in 2019, the BSA Framework for Secure Software is a risk-based, security-focused tool that software developers, vendors and users can use to examine and analyze how software will perform in specific security situations. Software products and services are the primary focus of the framework, as opposed to the process focus of traditional SDLC-type models and frameworks. What makes the framework unique is how it helps users ensure that security is factored into the development process and that the software, as written, produces the desired security capabilities and outcomes.
The framework’s risk-based approach helps users and stakeholders identify specific security parameters required by their organization. BSA’s framework is composed of a detailed matrix of the following:
NIST introduced its secure SDLC framework in 2021. The Secure Software Development Framework (SSDF) introduces and recommends specific security-focused activities for each phase of the SDLC.
By integrating the recommended activities specified in the framework into the appropriate lifecycle phase, software developers can reduce security vulnerabilities in newly developed or updated software, limit the impact of security breaches, and identify the root causes of vulnerabilities so they are better prepared to prevent future breaches or attacks. SSDF also includes a vocabulary of terms to facilitate communication between vendors and users.
A key message in the framework is the importance of introducing security issues and requirements as early as possible into the SDLC. Security can no longer be an afterthought. Rather, security should be a central component of any software development project.
SSDF is a matrix based on the following elements:
While traditional SDLC models can be adapted to accommodate security practices, the two secure software development frameworks provide detailed guidance on the security attributes organizations should consider when building secure software products.