Software Engineering Institute

Process Improvement Should Link to Security: SEPG 2007 Security Track Recap

September 1, 2007 • Technical Note

By

Carol Woody

In this document, Carol Woody summarizes the content shared at the 2007 SEPG conference and steps underway toward ties between security and process improvement.

Publisher

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2007-TN-025

DOI (Digital Object Identifier)

10.1184/R1/6582452.v1

Subjects

Best Practices Cyber Risk And Resilience Management Resilience Management Model (Rmm)

Abstract

Security is a very visible issue these days for software. New software products are continuously reported to be vulnerable to attack and compromise; organizations must support an expensive unending update-and-upgrade cycle. Process improvement has been proposed as a mechanism for addressing security challenges, but the Capability Maturity Model Integration (CMMI) approach does not specifically address security, so the linkages for the Software Engineering Process Group (SEPG) community are unclear. The security track at the SEPG 2007 conference was developed to provide a forum for identifying the appropriate ties between process improvement and security. This document summarizes the content shared at the conference and identifies several subsequent steps underway toward strengthening those ties.

Cite This Technical Note

APA

Woody, C. (2007, September 1). Process Improvement Should Link to Security: SEPG 2007 Security Track Recap. (Technical Note CMU/SEI-2007-TN-025). Retrieved April 16, 2024, from https://doi.org/10.1184/R1/6582452.v1.

BibTeX

@techreport{woody_2007,
author={Woody, Carol},
title={Process Improvement Should Link to Security: SEPG 2007 Security Track Recap},
month={Sep},
year={2007},
number={CMU/SEI-2007-TN-025},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6582452.v1},
note={Accessed: 2024-Apr-16}
}

CHI

Woody, Carol. "Process Improvement Should Link to Security: SEPG 2007 Security Track Recap." (CMU/SEI-2007-TN-025). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, September 1, 2007. https://doi.org/10.1184/R1/6582452.v1.

IEEE

C. Woody, "Process Improvement Should Link to Security: SEPG 2007 Security Track Recap," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2007-TN-025, 1-Sep-2007 [Online]. Available: https://doi.org/10.1184/R1/6582452.v1. [Accessed: 16-Apr-2024].

MLA

Woody, Carol. "Process Improvement Should Link to Security: SEPG 2007 Security Track Recap." (Technical Note CMU/SEI-2007-TN-025). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Sep. 2007. https://doi.org/10.1184/R1/6582452.v1. Accessed 16 Apr. 2024.

SEI

Woody, Carol. Process Improvement Should Link to Security: SEPG 2007 Security Track Recap. CMU/SEI-2007-TN-025. Software Engineering Institute. 2007. https://doi.org/10.1184/R1/6582452.v1

Ask a question about this Technical Note