CMMI Frequently Asked Questions and their responses from CMMI Consultant(s)
What are the threats to software databases while building up secure software products? What are the developments in this regard with respect to CMMI Model?
25th June, 2014
There are various threats to the Software Databases that can be addressed for building up secure software products. Some examples of these threats and vulnerabilities are: Aggregation, Bypass Attacks, Inference, Poly-instantiation, Views, Concurrency, Data Contamination, Dead-locking, Denial of service, Improper modification of data, Interception of data, Query attacks, Server access, Time of check / Time of use (TOC/TOU), Web security, Unauthorized access, etc.
With regards to the CMMI model, CMMI Institute has published a new technical note authored by Siemens AG Corporate Technology, entitled Security by Design with CMMI for Development, Version 1.3: An Application Guide for Improving Processes for Secure Products. This application guide is a set of additional process areas for CMMI® (Capability Maturity Model® Integration) for Development, Version 1.3 (CMMI-DEV, V1.3). The additional process areas–Organizational Preparedness for Secure Development, Security Management in Projects, Security Requirements and Technical Solution, and Security Verification and Validation—will seamlessly integrate into the Process Management, Project Management, and Engineering process area categories of CMMI-DEV.
Previous Post
What are the important points to be considered for building up secure software products? What are the developments in this regard with respect to CMMI Model?Next Post
What is CMMI Constellation?Sidebar
Author: Rajendra Khare
Rajendra's LinkedIn Profile
Rajendra is a qualified and certified Lead Appraiser and Instructor for the following :
- SCAMPI High Maturity Lead Appraiser (Certified)
- CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Acquisition (Certified)
- CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Development (Certified)
- CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Services (Certified)
- CMMI Institute-Certified Introduction to CMMI-DEV v1.3 Instructor (Certified)
- CMMI Institute-Certified Services Supplement for CMMI-DEV Instructor (Certified)
- CMMI Institute-Certified CMMI-DEV Level 2 for Practitioners Instructor (Certified)
- CMMI Institute-Certified CMMI-DEV Level 3 for Practitioners Instructor (Certified)
- CMMI Institute-Certified SCAMPI B & C Team Leader for Acquisition (Certified)
- CMMI Institute-Certified SCAMPI B & C Team Leader for Development (Certified)
- CMMI Institute-Certified SCAMPI B & C Team Leader for Services (Certified)
Rajendra is Lead Assessor for ISO 9001 (QMS), ISO 14001 (EMS), OHSAS 18001 (OHSMS) since 1994
International Automotive Task Force (IATF) approved Lead Assessor for Automotive Standard TS 16949:2009
Lead Assessor for ISO 27001 (ISMS) and ISO 20000-1 (ITSM)
Rajendra has 25 years experience in the industry.