Abstract
This article presents an overview of existing processes, standards, life-cycle models, frameworks, and methodologies that support, or could support, secure software development. The initial report, issued in 2006, has been updated to reflect changes since then.
Intended Audience
The target audience for this document includes program and project managers, developers, and all individuals supporting improved security in developed software. It is also relevant to software engineering process group (SEPG) members who want to integrate security into their standard software development processes.
Scope
Technology and content areas described include existing frameworks and standards such as the Capability Maturity Model Integration (CMMI) framework, Team Software Process (TSP), the FAA-iCMM, the Trusted CMM/Trusted Software Methodology (T-CMM/TSM), and the Systems Security Engineering Capability Maturity Model (SSE-CMM).
In addition, efforts specifically aimed at security in the SDLC are included, such as the Microsoft Trustworthy Computing Software Development Lifecycle, the Team Software Process for Secure Software Development (TSP-Secure), Correctness by Construction, Agile Methods, and the Common Criteria.
Two approaches released shortly before this update, the Software Assurance Maturity Model (SAMM) and the Software Security Framework (SSF), have been added to give the reader as much current information as possible.