NIST CYBERSECURITY WHITE PAPER: MITIGATING THE RISK OF SOFTWARE VULNERABILITIES BY ADOPTING AN SSDF
APRIL 23, 2020
1 Introduction
A software development life cycle (SDLC)[1] is a formal or informal methodology for designing,
creating, and maintaining software (which includes code built into hardware). There are many
models for SDLCs, including waterfall, spiral, agile, and development and operations (DevOps).
Few SDLC models explicitly address software security in detail, so secure software development
practices usually need to be added to and integrated within each SDLC model. Regardless of which
SDLC model is used to develop software, secure software development practices should be
integrated throughout it for three reasons: to reduce the number of vulnerabilities in released
software, to mitigate the potential impact of the exploitation of undetected or unaddressed
vulnerabilities, and to address the root causes of vulnerabilities to prevent future recurrences. Most
aspects of security can be addressed at multiple places within an SDLC, but in general, the earlier
in the SDLC that security is addressed, the less effort and cost are ultimately required to achieve the
same level of security. This principle, also known as shifting left, is critically important regardless
of the SDLC model.
There are many existing documents on secure software development practices, including those
listed in the References section. This white paper does not introduce new practices or define new
terminology; instead, it describes a subset of high-level practices based on established standards,
guidance, and secure software development practice documents. These practices, collectively
called a secure software development framework (SSDF), should be particularly helpful for the
target audiences to achieve secure software development objectives. Note that these practices are
limited to those that bear directly on secure software development (e.g., securing the development
infrastructure or pipeline itself is out of scope).
This white paper is intended to be a starting point for discussing the concept of an SSDF and
therefore does not provide a comprehensive view of SSDFs. Future work may expand on the
material in this white paper, potentially covering topics such as how an SSDF may apply to and
vary for different software development methodologies and how an organization can transition
from using just their current software development practices to also incorporating the practices
specified by the SSDF. It is likely that future work will primarily take the form of use cases so that
the insights will be more readily applicable to certain types of development environments.
This white paper expresses secure software development practices but does not prescribe exactly
how to implement them. The focus is on implementing the practices rather than on the tools,
techniques, and mechanisms used to do so. For example, one organization might automate a
particular step, while another might use manual processes instead. Advantages of specifying the
practices at a high level include the following:
• Can be used by organizations in any sector or community, regardless of size or
cybersecurity sophistication
• Can be applied to software developed to support information technology (IT), industrial
control systems (ICS), cyber-physical systems (CPS), or the Internet of Things (IoT)
[1] Note that SDLC is also widely used for “system development life cycle.” All usage of “SDLC” in this white paper is
referencing software, not systems.