Process Improvement Should Link to Security:
SEPG 2007 Security Track Recap

Parent SEI Program

Networked Systems Survivability

Parent Project

Survivable Systems Engineering

Related Publications

Introducing the CERT Resiliency Engineering Framework:
Improving the Security and Sustainability Processes

Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

Managing for Enterprise Security

Sustaining Operational Resiliency: A Process Improvement Approach
Security Management

Carol Woody, PhD

Technical Note
CMU/SEI-2007-TN-025

PDF Download

Security is a very visible issue these days for software. New software products are continuously reported to be vulnerable to attack and compromise; organizations must support an expensive unending update-and-upgrade cycle. Process improvement has been proposed as a mechanism for addressing security challenges, but the Capability Maturity Model Integration (CMMI) approach does not specifically address security, so the linkages for the Software Engineering Process Group (SEPG) community are unclear. The security track at the SEPG 2007 conference was developed to provide a forum for identifying the appropriate ties between process improvement and security. This document summarizes the content shared at the conference and identifies several subsequent steps underway toward strengthening those ties.