Methodological and implementation aspects of introducing secure software development processes

Sas S. Arustamyan; Vitaly V. Varenitca; Alexey S. Markov

doi:10.26583/bit.2023.2.01

Безопасность информационных технологий (May 2023)

Methodological and implementation aspects of introducing secure software development processes

Sas S. Arustamyan,
Vitaly V. Varenitca,
Alexey S. Markov

Affiliations

Sas S. Arustamyan: NPO Echelon
Vitaly V. Varenitca: NPO Echelon
Alexey S. Markov: Bauman Moscow State Technical University

DOI: https://doi.org/10.26583/bit.2023.2.01
Journal volume & issue: Vol. 30, no. 2
pp. 23 – 37

Abstract

Read online

The paper presents the results of the study of the state of meeting the requirements for secure software development, as defined by national standards. Objective and subjective reasons for the demand for the integration of secure software development procedures into the life cycle of secure computer products are given. The dependence of the number of software errors and vulnerabilities on the maturity of the software development company is noted. The requirements of national standards in the field of development of secure programs in the context of mandatory and voluntary certification of software products according to information security requirements are considered. The processes of developing secure software that are of priority importance in the activities of the testing (certification) laboratory are highlighted. The features of harmonization of national and international standards for application security are shown. The advantages of national standards relative to foreign good practices and standards are noted. Original conceptual models for choosing procedures for developing secure programs and implementing software development processes are presented. A general methodology for auditing the secure software development management system is presented. The statistics of secure software development procedures implementation in serial production of information security tools are given. The features of the Russian market for the development and production of secure software are noted. Typical organizational mistakes of program developers in the process of implementing information security requirements are noted. Recommendations are formulated to improve the efficiency of implementation of secure software development procedures. The conclusion about the effectiveness and prospects of the development of security management systems for software resources within the framework of quality management systems and information security management systems is made.

information security, software security, application security, secure software, secure lifecycle, software development processes.

Published in Безопасность информационных технологий

ISSN: 2074-7128 (Print); 2074-7136 (Online)
Publisher: Joint Stock Company "Experimental Scientific and Production Association SPELS
Country of publisher: Russian Federation
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Information technology; Science: Science (General): Cybernetics: Information theory
Website: https://bit.spels.ru

About the journal

Abstract

Keywords