Summary of Von Sols and Futcher’s “Adaption of a Secure Software Development Methodology for Secure Engineering Design”

TO: Prof. Ellis 

FROM: Jennifer Martinez

DATE: 03/03/2021

SUBJECT: 500- Word Summary of Article About the Adoption of a Secure Software Development Methodology.

The following is a 500-word summary of a peer-reviewed article about adopting a Secure Software Development Methodology to Secure Engineering Designs. The authors discuss an approach of how to implement security in the Engineering design through the normal Systems Development Life Cycle (SDLC) by first creating a baseline on the studentsā€™ knowledge on security and then they designed a guideline to help students implement the Security software development methodology (SecSDM) into their projects. According to the authors, ā€œTraditionally the information technology (IT) professionals were considered…responsible for cybersecurity,…However, as engineering and control systems became more integrated with the IT infrastructure, securing these systems cannot remain the sole responsibility of IT professionalsā€ (Von Solms & Futcher, 2020, p. 125630). Therefore it would be ideal for engineers to learn how to protect their designs. First, the authors created an analysis to determine how much knowledge engineering students had on software security. The Capstone is a final year project used for the analysis and consisted of focusing specifically on hardware, software design, and testing. The results illustrated the dissociation the engineer students had between software and security due to it not being a requirement. A survey was given to the students after the project to determine if they understood the terminology and implementation of security. The survey confirmed that students understood the importance of security but lack the knowledge and training. Following the baseline, the authors design a guideline for the students to secure their projects by integrating security into the system development life cycle (SDLC) through the SecSDM. First, in the exploration phase, the engineer must explore the technology readiness, conduct a risk analysis, and follow the SecSDM suggestion to define the security requirements by the ISO/IEC TR. Based on the pre-evaluation, the engineer must then recommend possible solutions, define the systems requirements and products specification, as well as follow the SecSDM suggestion to identify the security services that satisfied the requirements. The goal of the design and development phase for engineers is not only to design the system architecture and allocate systems requirements to subsystems but to map the security to the specific security mechanisms, as well as follow the SecSDM recommendation to use the ā€œISO 7498-2 standardā€™s security mechanismsā€ (Von Solms & Futcher, 2020, p. 125635). In the production and implementation phase involves the construction of subsystems, systems integration, and testing, as well as the engineer, should use the appropriate security controls based on the SecSDM recommendations. During the utilization and support phase, the engineer is responsible for the product to operate based on the userā€™s need plus is responsible for the continuous monitoring of the software and firmware to ensure that the product is secure and used correctly. Finally, the SecSDM doesnā€™t have specific requirements for the retirement phase other than the engineer must teach the user how to dispose of the data and product properly. Although this paper motivated various people to write proposals on the integration of secure software practices into engineering design, thereā€™s still no practical approach on how to do so.

Reference 

Von Solms, S., & Futcher, L.A., (2020). Adaption of a secure software development methodology for secure engineering design. IEEE Access, 8, 125630-125637. https://doi.org/10.1109/ACCESS.2020.3007355