
Actions performed when implementing the measure for developing secure software

Posted on September 12, 2022 / December 28, 2022 by Victor Fasano
software development

When implementing a measure for developing secure software, the software developer needs to:

a) decompose the architecture of the program;

b) formulate, for the specialists of the software development team, technical tasks for creating the software, based on the project architecture of the program and the requirements applied to the software;

c) fulfill the formulated technical tasks and document the traceability of the program's source code to the project architecture of the program;

d) verify the results of the technical tasks.

Description of the measure for developing secure software

The procedure for formatting the program's source code is a list of rules and recommendations that specialists of software development groups use when writing source code. The consequences of applying an established source code formatting procedure during secure software development are: a lower likelihood of program deficiencies; fewer resources spent on eliminating deficiencies; a higher probability of detecting flaws in the program.

This positive influence is achieved by reducing the probability that unsafe programming language constructs are used, improving source code portability, simplifying source code maintenance, increasing the productivity of individual workers and groups of workers, improving interaction between employees, and reducing the costs of software development and support.

Typical actions performed in preparation for implementing a measure for developing secure software

In preparation for implementing a measure for developing secure software, the software developer needs to:

a) study the software developer's existing processes, within the scope of measures for developing secure software, that relate to creating and using the source code formatting procedure when creating a program;

b) select a basic set of rules and guidelines for formatting source code for the various programming languages used in the program development process;

The basis for creating a basic set of rules and recommendations for formatting the program's source code is the following:

  • rules and recommendations that employees already use at the present time;
  • rules and guidelines defined by industry standards or major software vendors;
  • rules and guidelines provided by suppliers of specialized software for automating the application of coding standards;
  • provisions of national standards, in particular GOST 19.401-78.

c) based on the selected basic sets, develop and document sets of rules and guidelines for formatting the program's source code, taking into account the features of the development process and the technologies used in it;

An organization’s source code rules may differ for different software development processes. The procedure for formatting the source code contains the following main types of requirements:

– requirements that prohibit the use of certain language constructs;

– requirements that restrict the use of certain language constructs in particular situations;

– requirements for how names are chosen and which letter case is used for variable names and other identifiers;

– requirements for the indentation style of logical blocks;

– requirements for the placement of the brackets that delimit logical blocks;

– requirements for the use of spaces in logical and arithmetic expressions;

– requirements for the style of comments and the use of documentation comments.

d) separate the rules and recommendations on source code formatting according to their degree of importance;

It is advisable to separate the rules and recommendations on source code formatting according to their importance for ensuring secure software development. With such a separation, the rules and recommendations can be introduced in several stages: the most important rules and recommendations are applied at the initial stage, and less important ones at subsequent stages.

Between stages, the results of applying the rules and recommendations are evaluated and the rules and recommendations are adjusted. Whether to move to the next stage is decided by the employees responsible for implementing the source code formatting procedure. As a rule, the condition for the transition is that the previous stage produced positive results.

The degree of importance of a rule or recommendation is determined by the consequences (the appearance of program deficiencies) caused by violating or ignoring it during development. When deciding whether to use a rule or recommendation, take into account the likelihood of negative consequences if it is not applied, and the amount of resources required to have it applied.

e) develop procedures for monitoring compliance with the rules and recommendations, including how cases of violation of the established source code formatting procedure are documented and analyzed;

Control procedures are an integral part of using a source code formatting procedure in an organization. Compliance with the rules and recommendations on source code formatting is monitored using a combination of automated and manual procedures. Static analysis tools for the program's source code are used to automate control. Source code review is used as the manual procedure.

f) determine the procedure for reviewing and changing the rules and guidelines for formatting the source code used during the development of the program;

To keep the rules and recommendations on source code formatting in line with the changing conditions and parameters of the software development process, a procedure for their revision and change should be provided. The conditions that trigger this procedure may be changes to the software development process or architecture, or time-based parameters (carrying out the procedure after a certain period of time has elapsed).

g) appoint employees responsible for implementing the measure for developing secure software and familiarize them with the documentation on implementing the measure.

Creating the source code formatting procedure and introducing it into the software development process is usually a task for the employees who manage the development process or the employees responsible for developing the software architecture.
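The rule types, importance tiers and automated control described in steps c) to e) above can be expressed as a small static checker. This is an added example, not code from the original post; Python, the rule names, the importance numbers, the stage numbering and the sample input are all assumptions chosen for illustration.

```python
import ast
import re
from dataclasses import dataclass

# Hypothetical rule set: names and importance tiers are assumptions (1 = most important).
BANNED_CALLS = {"eval", "exec"}                       # prohibited constructs
SNAKE_CASE = re.compile(r"^_{0,2}[a-z][a-z0-9_]*$")   # naming requirement

@dataclass(frozen=True)
class Violation:
    rule: str
    importance: int
    line: int
    detail: str

def find_violations(source):
    """Statically check one source file against every rule, whatever the stage."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in BANNED_CALLS):
            found.append(Violation("banned-construct", 1, node.lineno, node.func.id))
        elif isinstance(node, ast.ExceptHandler) and node.type is None:
            # Restricted construct: a handler must name the exception it catches.
            found.append(Violation("bare-except", 2, node.lineno, "except:"))
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            if not SNAKE_CASE.match(node.name):
                found.append(Violation("naming", 3, node.lineno, node.name))
            if ast.get_docstring(node) is None:
                found.append(Violation("doc-comment", 3, node.lineno, node.name))
    return sorted(found, key=lambda v: (v.line, v.rule))

def review(source, stage):
    """Split findings into those enforced at this rollout stage and those only recorded."""
    found = find_violations(source)
    enforced = [v for v in found if v.importance <= stage]
    recorded = [v for v in found if v.importance > stage]
    return enforced, recorded

# Constructed sample input, not taken from any real code base.
SAMPLE = '''\
def LoadConfig(text):
    try:
        return eval(text)
    except:
        return None
'''

if __name__ == "__main__":
    enforced, recorded = review(SAMPLE, stage=1)
    for v in enforced:
        print(f"BLOCK line {v.line}: {v.rule} ({v.detail})")
    for v in recorded:
        print(f"LOG   line {v.line}: {v.rule} ({v.detail})")
```

Raising `stage` moves lower-importance rules from the recorded list to the enforced list, and the recorded list is the documented input for the violation analysis in step e).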

Typical actions performed when implementing a measure for developing secure software

When implementing a measure for developing secure software, the software developer needs to:

a) apply the established source code formatting procedure during program development;

b) monitor the application of the rules and recommendations on source code formatting; document cases of violation of the established source code formatting procedure; analyze the causes of violations of the established formatting rules;

c) eliminate identified violations of the rules and recommendations on source code formatting;

d) review and change the rules and recommendations on source code formatting when certain conditions occur, including on the basis of the analysis of recorded cases of violations;

e) take the necessary actions to improve employees’ awareness of the importance and necessity of complying with the established source code formatting procedure.
