Software Development Security

Question 1

Two software assurance/security models

Answer 1

Software Assurance Maturity Model (SAMM)

IDEAL

Question 2

Software Assurance Maturity Model (SAMM)

Answer 2

Framework for integrating security into the software development process and assessment of maturity

Maintained by OWASP

Cover 5 areas

1. Governance: Policies
2. Design: includes threat modeling
3. Implementation: secure build and deployment
4. Verification: Confirm code meets security requirements through assessments and testing.
5. Operations: Incident, environment and operational mangement

Question 3

IDEAL Model

Answer 3

Software development model including security and maturity measurement

Created by Software Engineering Institute

Includes 5 Phases
1. Initiating: Business drivers are understood and infrastructure is put in place.
2. Diagnosing: Understand current state of business and propose changes
3. Establishing: Plan developed from diagnosing stage
4. Acting: implement plan from previous stage including testing and refinement.
5. Learning

Question 4

Software Capability Maturity Model

Answer 4

From Carnegie Mellon university

Outlines levels of software development maturity in 5 levels

Initial- no organized process
Repeatable- management process are introduced.
Defined- Formal process
Managed- Process is measured quantitative
Optimized- continuous improvement built in

Question 5

ACID model for Databases

Answer 5

Atomicity
Consistency
Isolation
Durability

Question 6

Three Components of Change Management

Answer 6

Request Control: manages the requests for change an confirms they are needed.

Change Control:

Release Control: once change is finalized…user acceptance testing and double checking change for issues. Removing an back doors or code used to support change. Makes sure only approved changes are allowed into production.