Abstract
Standards, models, frameworks and guidelines have been developed for secure software development such as Building Security In, SSE-CMM, Microsoft SDL, and OpenSAMM. Current standards and models provide guidance for particular areas such as threat modelling, risk management, secure coding, security testing, verification, patch management, configuration management etc. However, there is not a generally accepted model for a secure software development lifecycle. Building Security In provides an objective evaluation methodology to validate that a product satisfies a specified set of security requirements. In this paper Building Security In secure software development approach is examined and compared with other well-known standards and models.
Open Access License Notice:
This article is © its author(s) and licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0), regardless of any copyright or pricing statements appearing in the PDF. The PDF reflects formatting used for the print edition and not the current open access licensing policy.