Development of safe software securities

Posted on By Victor Fasano
software development

To start work related to the implementation of measures to development of secure software, it is necessary to obtain approval top management of the organization. To do this, management should present the goals of implementation and arguments in favor of the implementation of measures for the development of secure software.

The software developer needs to determine the objectives of the implementation of measures for the development of secure software. To determine the goals of implementation measures for the development of secure software must be collected, analyze and present to the top management of the organization information that demonstrates the value of development measures secure software for the software developer and the benefits of their implementation. For this, it is recommended to consider the requirements for software developer in the field of developing secure software, taking into account the following factors:

– areas of activity of the software developer, providing him Doing Business;

– requirements of laws, normative legal acts and industry standards that are relevant to the areas activities of the software developer and impose on him any restrictions or obligations regarding the implementation of measures to development of secure software;

– existing contractual relations of the software developer, that impose any restrictions or obligations regarding the implementation of measures to develop a safe ON;

– possible consequences related to financial losses, loss of reputation of the software developer due to incidents information security resulting from the supply users of software with program vulnerabilities;

– minimum requirements for the level of implementation of measures to development of secure software, existing in the fields of activity software developer.

Documented goals for the implementation of development measures secure software and their rationale should be submitted to the highest management of the organization for the adoption of a motivated decisions on approval or disapproval of the commencement of work related to implementation of measures to develop secure software.

Scope of development measures secure software

The software developer should define the scope implemented measures to develop secure software. Measures to development of secure software can be applied to individual software, for a particular group or groups of software developers within organization for the organization as a whole.

Scope implemented measures for the development of secure software is determined in including taking into account the objectives of the implementation of measures to develop secure software. The defined scope of measures for development of secure software must be coordinated with the highest the leadership of the organization.

Initial check of existing processes from the point in terms of meeting the requirements for development measures secure software installed GOST R 56939

An initial check is necessary to determine which of the implemented processes meet the requirements GOST R 56939, what processes need to be changed to ensure compliance with the requirements of GOST R 56939 and what processes are needed implement in addition to the existing ones.

The software developer should review the processes software development within a defined scope of measures to development of secure software in order to assess their current state with points of view:

– compliance with the requirements for the implementation of development measures safe according to GOST R 56939;

– compliance of the developer’s documentation with the requirements GOST R 56939.

To conduct an initial check of existing processes in terms of fulfilling the requirements for development measures secure software established by GOST R 56939 should be form a commission. May be subject to verification involve third-party organizations with competencies in secure software development and conformity assessment software development process to the requirements of GOST R 56939. Employees or third parties verifying compliance GOST R 56939, it is necessary to exclude the possibility of creating situation leading to a conflict of interest.

Assessment of the degree of implementation of measures for the development of secure software involves doing:

– identification of existing software developer processes software development in a specific scope of measures to development of secure software;

– descriptions (performed in the form of diagrams, diagrams, verbal descriptions) of identified processes in terms of implementation of measures for the development of secure software established by GOST R 56939;

– discussions with responsible employees involved in software development process, the degree of compliance with existing processes to the requirements of GOST R 56939;

– forming a conclusion about which of the implemented processes comply with the requirements of GOST R 56939, which processes need to be changed to ensure compliance requirements of GOST R 56939 and what processes need to be implemented in addition to the existing ones;

– documenting the results of the evaluation.

The evaluation results can be presented in the form of a table for their further use in the formation of the plan implementation of measures for the development of secure software and evaluation of improvements processes related to the development of secure software. Higher management of the organization, as well as all employees who involved in the process of implementing measures to develop secure software and which, in accordance with the principle of necessary knowledge, this information is necessary for the performance of official responsibilities, should be made aware of the results of the evaluation.

An initial check of existing processes should be be carried out taking into account the provisions of GOST R ISO 19011.

Determining who is responsible for the development process secure software

To successfully implement a secure development process The software needs to define:

– responsible for the implementation of the process of safe developments at the level of the top management of the organization;

– responsible for the development of the development manual secure software (4.10 GOST R 56939–2016) and work planning;

– responsible for the implementation of the measures specified in GOST R 56939 from each structural unit, involved in the process of developing secure software.

For each of the assigned responsibilities, define areas of responsibility, duties and authorities. It is allowed to combine responsibilities related to the process development of secure software and other job responsibilities in within the same position, provided there is no conflict interests.

You may also like

software development
software development technology
January 15, 2022
software development
Software development for beginners
January 30, 2022
software development
The role of standardization and certification in PS quality management
May 20, 2022
software development
Custom software development
September 4, 2022