Open Access Open Access  Restricted Access Subscription Access

Review on Common Criteria as a Secure Software Development Model


Affiliations
1 Tubitak Bilgem Uekae, Kocaeli, Turkey
 

Standards, models, frameworks and guidelines have been developed for secure software development such as such as Common Criteria, SSE-CMM, Microsoft SDL, OpenSAMM. Current standards and models provide guidance for particular areas such as threat modelling, risk management, secure coding, security testing, verification, patch management, configuration management etc. But there is not a generally accepted model for a secure software development lifecycle. Common Criteria provides objective evaluation methodology to validate that a product satisfies a specified set of security requirements. In this paper Common Criteria secure software development approach is examined and compared with other well known standards and models.

Keywords

Common Criteria, Secure Software Development, Vulnerability, Confidentiality, Integrity, Availability.
User
Notifications
Font Size

Abstract Views: 335

PDF Views: 192




  • Review on Common Criteria as a Secure Software Development Model

Abstract Views: 335  |  PDF Views: 192

Authors

Mehmet Kara
Tubitak Bilgem Uekae, Kocaeli, Turkey

Abstract


Standards, models, frameworks and guidelines have been developed for secure software development such as such as Common Criteria, SSE-CMM, Microsoft SDL, OpenSAMM. Current standards and models provide guidance for particular areas such as threat modelling, risk management, secure coding, security testing, verification, patch management, configuration management etc. But there is not a generally accepted model for a secure software development lifecycle. Common Criteria provides objective evaluation methodology to validate that a product satisfies a specified set of security requirements. In this paper Common Criteria secure software development approach is examined and compared with other well known standards and models.

Keywords


Common Criteria, Secure Software Development, Vulnerability, Confidentiality, Integrity, Availability.