Science and Development Network (SciDev.Net)
Building security into software development lifecycles and doing it right is hard. To address the challenge, several prominent organizations have published process-oriented security guidelines to bring security activities into a structured way. Although these efforts contribute to measurable improvements in software and system security, they are often too verbose and fuzzy to be implementable in a development lifecycle involving people (e.g., security experts, developers, and managers) with different skillsets. In this paper, the authors propose the Model-Driven Secure Development Lifecycle (MD-SDL), an approach that leverages on modeling methods and the advances in model-driven security to simplify the process of efficiently integrating security into development lifecycles for the development of security-critical software and systems.