WebApp Sec mailing list archives
Re: secure software engineering methodology
From: Alex Russell <alex () netWindows org>
Date: Mon, 22 Mar 2004 17:43:34 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 22 March 2004 5:37 am, Mads Rasmussen wrote:
Do any of you have any experience with methodologies for software engineering of secure software? If you read the book "building secure software" by John Viega and Gary McGraw it says that extreme programming isn't good for security projects.
I would agree with that assessment. In fact, I would go so far as to say that there are only a small subset of projects for which many of the XP concepts are helpful or applicable. These projects tend to share ALL the following criteria: - tightly defined or defineable goal - no scope drift - low risk tollerance - high time-to-market pressure - static project resources - established product or market
I was considering applying RUP, the Rational Unified Process, but I think that it must be customized to consider security aspects.
Given my experience with RUP inside organizations of varying size, I'm going to further extend my body onto a shaky limb and assert that no one really uses it. The furthest most organizations go is to use the templates that Rational/IBM produces, but that's about it. RUP (IMO) is more about saying that you're following a methodology and being able to use a trendier phrase than "source control" for marketing purposes. Of course, I would love to be wrong about this. Anyone actually _using_ the WHOLE RUP process?
If you search papers by Matt Bishop [1], Edward Amoroso [2] and several others you will only find bits and pieces. Non of them refer to a specific methodology, some tries to fit the Common Criteria [3] into the development process.
Common Criteria is backward-looking and does not make demands about design or process, only that you have both and that you be able to tell someone else what they are and demonstrate that you followed them and that you were supposed to hit those targets in the first place. It's like the iso9001 of software: you agree to tell someone exactly what you're doing and what's wrong with it, proove it, and then never change it. Therefore mapping to it is a documentation exercise. This is, of course, a gross over-simplification and premature dismissal of CC, but it'll do for this discussion. Regards - -- Alex Russell alex () burstlib org BD10 7AFC 87F6 63F9 1691 83FA 9884 3A15 AFC9 61B7 alex () netWindows org F687 1964 1EF6 453E 9BD0 5148 A15D 1D43 AB92 9A46 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFAX5ZGoV0dQ6uSmkYRAmRsAJ4sND6Fgag/QQiUOiJUjKgIG7C1qQCcD7bi VwTqpjRlrkfnQJLdftq5omM= =QxSX -----END PGP SIGNATURE-----
Current thread:
- secure software engineering methodology Mads Rasmussen (Mar 22)
- Re: secure software engineering methodology Alex Russell (Mar 23)
- Re: secure software engineering methodology Mads Rasmussen (Mar 23)
- Re: secure software engineering methodology Gunnar Peterson (Mar 23)
- Re: secure software engineering methodology Alex Russell (Mar 23)