What are the important points to be considered for building up secure software products? What are the developments in this regard with respect to CMMI Model?

CMMI FAQ 0

24th June, 2014

There are various threats in the Software Environment that can be addressed for building up secure software products. Some examples of these threats to software environment are: Buffer Over Flow, Citizen Programmers, Covert channel, Malicious Software (Malware), Malformed Input Attack, Memory / Object reuse, Executable Content / Mobile Code, Social Engineering, Time of Check / Time of Use (TOC/TOU), Data-Contamination, Garbage collection, Open Source, Between-the-Lines Attack, Trapdoor / Backdoor, etc.

With regards to the CMMI model, CMMI Institute has published a new technical note authored by Siemens AG Corporate Technology, entitled Security by Design with CMMI for Development, Version 1.3: An Application Guide for Improving Processes for Secure Products. This application guide is a set of additional process areas for CMMI® (Capability Maturity Model® Integration) for Development, Version 1.3 (CMMI-DEV, V1.3)  The additional process areas–Organizational Preparedness for Secure Development, Security Management in Projects, Security Requirements and Technical Solution, and Security Verification and Validation—will seamlessly integrate into the Process Management, Project Management, and Engineering process area categories of CMMI-DEV.

You may also like to browse following posts

• What are the threats to software databases while building up secure software products? What are the developments in this regard with respect to CMMI Model?
• As CMMI Consultants, you might have come across the question about What is incident and how it is defined in different standards like CMMI, ISO and ITIL? What are different tools you can use to manage incidents? As CMMI Consultant you can take guidance from the information below:
• Update on CMMI Benefits Information from CMMI Institute Report
• CMMI for Acquisition Blog – Special Series: 09th Part: This blog series on the cmmiconsultantblog.com is a systematic and structured coverage of CMMI Process Areas starting from Maturity Level 2 to Maturity Level 3: using CMMI–ACQ, Version 1.3, as the Reference CMMI Model: As CMMI Consultant, during CMMI Consulting assignment if you are asked about the steps, inputs and outputs of Process and Product Quality Assurance (PPQA) Process Area, what would be your response:
• CMMI for Acquisition Blog – Special Series: 07th Part: This blog series on the cmmiconsultantblog.com is a systematic and structured coverage of CMMI Process Areas starting from Maturity Level 2 to Maturity Level 3: using CMMI–ACQ, Version 1.3, as the Reference CMMI Model: As CMMI Consultant, during CMMI Consulting assignment if you are asked about the steps, inputs and outputs of Measurement and Analysis (M&A) Process Area, what would be your response: