CMMI Institute Extends Software Development Framework to Address Security

Process ICT are a proud partner of the CMMI Institute and have been using the CMMI Models for a number of years. We are excited to now announce that the Institute has recently developed the models to include the security of software and systems development, a major part of many of the organisations we work with on a daily basis.

Here is an article published by the CMMI Institute on the recent developments:

PITTSBURGH – April 1, 2014 – The CMMI Institute, the leading center for global best practices and organizational benchmarking, announced today it has extended the CMMI for Development framework to address security concerns in software and systems development.  This increased emphasis on security will help developers to protect their work from attack.

Security attacks against major companies have become regular headlines. In many cases, hackers are taking advantage of weaknesses resulting from inattention to basic security measures. An August 2013 study by Ponemon Institute and Security Innovation found that most software development organizations do not consider security in the development process, leaving the end applications and products vulnerable. While this absence may appear to keep costs down, any savings realized by disregarding security during development are lost many times over when costly updates are required after product releases, or worse, when a breach occurs and requires significant effort to remedy.

Another Ponemon Institute 2013 research study, sponsored by Symantec, found global security breach costs ranging from $1.1 to $5.4 million per breach.

CMMI adoption results in cost savings by increasing speed to market and reducing costs connected to defects and rework. CMMI for Development is a framework of practices designed to improve quality and reliability in development processes, and many users have included security efforts in CMMI adoptions. Today’s news addresses security in a new way, with a set of practices explicitly designed to include security concerns in CMMI adoption and appraisals.

With the release of a technical report entitled, Security by Design with CMMI for Development V1.3: An Application Guide for Improving Processes for Secure Products, the CMMI framework is extended to include guidelines for including security requirements as quality criteria in the development process.  Specific new process areas include Organizational Preparedness for Secure Development, Security Management in Projects, Security Requirements and Technical Solution, and Security Verification and Validation. By integrating security into systematic management of the development process, companies will reduce security risks and costs for themselves and their customers.

“We understand that security issues concern every level of the technology centered enterprise,” said Kirk Botula, CEO, CMMI Institute. “At the institute, we are actively seeking ways to help CMMI users tailor the frameworks to best meet their organization’s business goals. We are pleased to help organizations to develop operational resiliency against attacks by creating sustainable methods for developing secure products.”

Security by Design with CMMI for Development V1.3, along with a usage guide and a recording of a global webinar, is available for download at

Content written and supplied by: Katie Tarara, CMMI Institute

Jeunine Crabtree

I have a passion for promoting continual growth and improvement through better understanding of processes. I believe that through process improvement any organisation can take control of their future and reach its potential. I have grown my knowledge through working with a variety of clients as well as continual self-development through training.
