WebApp Sec mailing list archives

secure software engineering methodology


From: Mads Rasmussen <mads () opencs com br>
Date: Mon, 22 Mar 2004 10:37:56 -0300


Do any of you have any experience with methodologies for software engineering of secure software?

If you read the book "building secure software" by John Viega and Gary McGraw it says that extreme programming isn't good for security projects.

I was considering applying RUP, the Rational Unified Process, but I think that it must be customized to consider security aspects.

Do you have any experience with methodologies for software engineering of secure software? I remember you saying in the book "building secure software" that extreme programming isn't good for security projects.

If you search papers by Matt Bishop [1], Edward Amoroso [2] and several others you will only find bits and pieces. None of them refer to a specific methodology; some try to fit the Common Criteria [3] into the development process.
A paper that comes close is [4] by Marshall D. Abrams.

I know for a fact that AT&T Bell Labs has a secure development methodology called TSM, the Trusted Software Methodology. But nothing seems to be published publicly about its contents and workings.


[1] "Software Security Checklist for the Software Life Cycle" - Matt Bishop, David P. Gilliam, Thomas L. Wolfe and Josef S. Sherif

[2] "A Process-Oriented Methodology for Assessing and Improving Software Trustworthiness" - Edward Amoroso, Carol Taylor, John Watson and Jonathan Weiss.

[3] "Secure Systems Development Based on the Common Criteria: The PalME Project" - Monika Vetterling, Guido Wimmel and Alexander Wisspeintner

[4] "Security Engineering in an Evolutionary Acquisition Environment" - Marshall D. Abrams

