Towards a Secure Software Development Framework Based on an Integrated Engineering Process

The rapid growth of communication and globalization has changed the software engineering process. Security has become a crucial component of any software system. However, software security development is still a maturing process; software developers often lack the knowledge and skills needed to develop secure software. Clearly, designing software with security in mind will produce a more secure architectural design and eventually more secure software, yet it is still unclear how to evaluate and conduct this intuitive process. The creation of secure software requires more than simply mandating the use of a secure software development lifecycle; the components produced by each stage of the lifecycle must be correctly implemented for the resulting system to achieve its intended goals.;This research discusses the software engineering process to develop secure software, through a form of 'development framework', and demonstrates that a more effective approach to the development of secure software can result from the integration of carefully selected security patterns into appropriate stages of the software development lifecycle to ensure that security designs are correctly implemented. Hence, the framework enables developers with limited security experience to more easily and more reliably develop secure software.;In addition, more than sixty percent of the reported---high risk---software vulnerabilities are due to design flaws. Nevertheless, the majority of these flaws can be avoided if they have been discovered early enough. Therefore, this research proposes security evaluation strategies that are effective in discovering potential security threats at early stages of the development process with the goals of providing designed-in countermeasures and minimizing the cost of the development process dramatically.