Security

Model-Driven Secure Development Lifecycle

Free registration required

Executive Summary

Building security into software development lifecycles and doing it right is hard. To address the challenge, several prominent organizations have published process-oriented security guidelines to bring security activities into a structured way. Although these efforts contribute to measurable improvements in software and system security, they are often too verbose and fuzzy to be implementable in a development lifecycle involving people (e.g., security experts, developers, and managers) with different skillsets. In this paper, the authors propose the Model-Driven Secure Development Lifecycle (MD-SDL), an approach that leverages on modeling methods and the advances in model-driven security to simplify the process of efficiently integrating security into development lifecycles for the development of security-critical software and systems.

  • Format: PDF
  • Size: 262.59 KB