WebApp Sec mailing list archives
secure software engineering methodology
From: Mads Rasmussen <mads () opencs com br>
Date: Mon, 22 Mar 2004 10:37:56 -0300
Do any of you have any experience with methodologies for software engineering of secure software?
If you read the book "building secure software" by John Viega and Gary McGraw it says that extreme programming isn't good for security projects.
I was considering applying RUP, the Rational Unified Process, but I think that it must be customized to consider security aspects.
Do you have any experience with methodologies for software engineering of secure software? I remember you saying in the book "building secure software" that extreme programming isn't good for security projects.
If you search papers by Matt Bishop [1], Edward Amoroso [2] and several others you will only find bits and pieces. None of them refer to a specific methodology; some try to fit the Common Criteria [3] into the development process.
A paper that comes close is [4] by Marshall D. Abrams. I know for a fact that AT&T Bell Labs has a secure development methodology called TSM, the Trusted Software Methodology. But nothing seems to be published publicly about its contents and workings.
[1] "Software Security Checklist for the Software Life Cycle" - Matt Bishop, David P. Gilliam, Thomas L. Wolfe and Josef S. Sherif
[2] "A Process-Oriented Methodology for Assessing and Improving Software Trustworthiness" - Edward Amoroso, Carol Taylor, John Watson and Jonathan Weiss
[3] "Secure Systems Development Based on the Common Criteria: The PalME Project" - Monika Vetterling, Guido Wimmel and Alexander Wisspeintner
[4] "Security Engineering in an Evolutionary Acquisition Environment" - Marshall D. Abrams
Current thread:
- secure software engineering methodology Mads Rasmussen (Mar 22)
- Re: secure software engineering methodology Alex Russell (Mar 23)
- Re: secure software engineering methodology Mads Rasmussen (Mar 23)
- Re: secure software engineering methodology Gunnar Peterson (Mar 23)
- Re: secure software engineering methodology Alex Russell (Mar 23)