Synthesis of secure software development controls

Abstract

A study of the available approaches aimed at mitigating vulnerabilities in the software development, and their applicability during the software compliance evaluation was carried out. Having systematized the standards and guidelines on the development of secure software, we made a list of basic requirements that enables us, among other things, to assess the software development processes for compliance with secure software requirements. We present an original conceptual model for analysis and synthesis of controls for secure software development, which allows software developers to select reasonable controls for developing secure software.