A Secure Process for Software Development (Um Processo Seguro para Desenvolvimento de Software)
Abstract
Information security aims to guarantee the integrity, availability and confidentiality of information. This work identifies a set of activities, derived from information security, that can be incorporated into a software process, contributing to a secure development process.
Published
2006-08-28
How to Cite
NUNES, Francisco José Barreto; BELCHIOR, Arnaldo Dias. Um Processo Seguro para Desenvolvimento de Software. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 6., 2006, Santos. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2006. p. 286-289. DOI: https://doi.org/10.5753/sbseg.2006.20957.
