Software Process

From CyberSecurity
Revision as of 17:18, 19 November 2005 by Leonarde (talk | contribs)

Leonarde 09:18, 19 November 2005 (PST)

Enterprises have been concerned with developing the most feature-rich applications to give them a competitive advantage in the marketplace. This approach has created buggy, vulnerable code that can fall prey to the threat of cyberterrorism, hacking and financial risk posed by privacy legislation and litigation. Development processes must change to improve the security and privacy of code.

Factors driving the changes (emergence of the Internet; hacking through buffer/integer overruns, cross-site scripting, SQL injection, etc.; problems with the patching lifecycle)

Broken Software Practices (lack of software engineering and security classes in universities; hacking culture; marketing- and feature-driven development; little time in the project for the review and test process)

Improved Software Processes (Microsoft Software Development Lifecycle (SDL), TSP/PSP, Capability Maturity Model)

Public policy governing the changes (Certification, Sarbanes-Oxley, SB1386, EU Safe Harbor agreement)