
CN110989974A - Software security development life cycle implementation quality evaluation method and device - Google Patents


Info

Publication number: CN110989974A
Authority: CN (China)
Prior art keywords: value, quality, evaluation, result, implementation
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201911185730.2A
Other languages: Chinese (zh)
Inventors: 姜强, 孙亚明, 汤志刚, 胡云
Current assignee: Beijing Guoshun Technology Co ltd (as listed by Google Patents)
Original assignee: Beijing Guoshun Technology Co ltd
Application filed by Beijing Guoshun Technology Co ltd

Classifications

    • G PHYSICS > G06 COMPUTING OR CALCULATING; COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 8/00 Arrangements for software engineering > G06F 8/10 Requirements analysis; Specification techniques
    • G PHYSICS > G06 COMPUTING OR CALCULATING; COUNTING > G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR > G06Q 10/00 Administration; Management > G06Q 10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling > G06Q 10/063 Operations research, analysis or management > G06Q 10/0639 Performance analysis of employees; Performance analysis of enterprise or organisation operations > G06Q 10/06395 Quality analysis or management
    • G PHYSICS > G06 COMPUTING OR CALCULATING; COUNTING > G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR > G06Q 10/00 Administration; Management > G06Q 10/10 Office automation; Time management > G06Q 10/103 Workflow collaboration or project management


Abstract

An embodiment of the invention provides a method and a device for evaluating the implementation quality of a software security development lifecycle (SDL). The method comprises: obtaining the value of each process conformity evaluation element and the value of each result conformity evaluation element, where a process conformity evaluation element represents the quality of the SDL implementation process and a result conformity evaluation element represents the quality of the SDL implementation result; and calculating an evaluation value of the SDL implementation quality from those element values using a preset weighted summation algorithm. By combining process conformity and result conformity to determine the level of SDL implementation quality, the method and device evaluate the implementation quality of an SDL project more comprehensively and scientifically, and thereby improve the security and reliability of the software system.

Description

Software security development life cycle implementation quality evaluation method and device
Technical Field
The invention relates to the technical field of software development security, and in particular to a method and a device for evaluating the implementation quality of a software security development lifecycle.
Background
With advances in information science and technology and the growth of the internet, application systems in some industries, particularly banking, are connected directly or indirectly to the internet or to other dedicated networks. This provides a fast channel for information sharing and expands the range of services offered, but it also exposes those systems to a variety of security risks.
At present, security management of software development projects concentrates on individual activities such as code scanning and classified-protection (MLPS) assessment; there is no security management process covering the whole software development lifecycle, so the security risks of an application system are difficult to eliminate at their root. Fixing a vulnerability after the system has gone into production is expensive and can even delay the scheduled go-live date. How to respond quickly to ever-changing business requirements while ensuring the security of the system during agile development is a key problem that needs to be solved.
In the prior art, security management of software development usually follows the Microsoft Security Development Lifecycle (SDL), applying strict security controls across the whole software development process and thereby providing security assurance throughout the lifecycle. Enterprises typically evaluate the quality of an SDL implementation on the basis of a few factors:
(1) whether vulnerabilities are reduced: whether the total number of vulnerabilities in the system has fallen, and whether particular classes of vulnerability have been reduced;
(2) compliance: whether the software development project meets the relevant regulatory requirements.
However, the existing SDL implementation quality evaluation methods cannot evaluate SDL implementation quality accurately and comprehensively, which weakens the effect of the SDL implementation, ultimately reduces the security and reliability of the system and increases security risk.
Disclosure of Invention
An embodiment of the invention provides a software security development lifecycle implementation quality evaluation method and device, intended to solve the technical problem that the SDL implementation quality evaluation methods of the prior art lead to reduced security and reliability.
In order to solve the above technical problem, in one aspect, an embodiment of the present invention provides a method for evaluating the implementation quality of a software security development lifecycle, comprising:
obtaining the value of each process conformity evaluation element and the value of each result conformity evaluation element, where a process conformity evaluation element represents the quality of the software security development lifecycle (SDL) implementation process and a result conformity evaluation element represents the quality of the SDL implementation result; and
calculating an evaluation value of the SDL implementation quality from the value of each process conformity evaluation element and the value of each result conformity evaluation element using a preset weighted summation algorithm.
Further, the process conformity evaluation elements comprise leadership attention, resource commitment, security training, threat modeling, milestone events, final security review and security response planning.
Further, the result conformity evaluation elements comprise target-type vulnerabilities, security compliance, continuous education, assessment targets met, degree of automation and management cost.
Further, the calculating an evaluation value of the SDL implementation quality according to the value of each process conformity evaluation element and the value of each result conformity evaluation element by using a preset weighted summation algorithm specifically includes:
calculating a process conformity evaluation value by utilizing a first weighted summation algorithm according to the value of each process conformity evaluation element;
calculating a result conformity evaluation value by using a second weighted summation algorithm according to the value of each result conformity evaluation element;
and determining an evaluation value of SDL implementation quality according to the process conformity evaluation value and the result conformity evaluation value, wherein the evaluation value of the SDL implementation quality is equal to the sum of the process conformity evaluation value and the result conformity evaluation value.
Further, the first weighted summation algorithm is formulated as follows:
PC = A1*α1 + A2*α2 + A3*α3 + A4*α4 + A5*α5 + A6*α6 + A7*α7
where PC is the process conformity evaluation value; A1 is the value of leadership attention, A2 the value of resource commitment, A3 the value of security training, A4 the value of threat modeling, A5 the value of milestone events, A6 the value of final security review and A7 the value of security response planning; and α1, α2, α3, α4, α5, α6 and α7 are preset weights.
Further, the second weighted summation algorithm is formulated as follows:
RC = B1*β1 + B2*β2 + B3*β3 + B4*β4 + B5*β5 + B6*β6
where RC is the result conformity evaluation value; B1 is the value of target-type vulnerabilities, B2 the value of security compliance, B3 the value of continuous education, B4 the value of assessment targets met, B5 the value of degree of automation and B6 the value of management cost; and β1, β2, β3, β4, β5 and β6 are preset weights.
Further, the value of each process conformity evaluation element and of each result conformity evaluation element is either 0 or 1: a value of 0 indicates that the evaluation element does not meet the preset requirement, and a value of 1 indicates that it does.
In another aspect, an embodiment of the present invention provides a software security development lifecycle implementation quality evaluation apparatus, comprising:
an acquisition module for acquiring the value of each process conformity evaluation element and the value of each result conformity evaluation element, where a process conformity evaluation element represents the quality of the software security development lifecycle (SDL) implementation process and a result conformity evaluation element represents the quality of the SDL implementation result; and
an evaluation module for calculating the evaluation value of the SDL implementation quality from the value of each process conformity evaluation element and the value of each result conformity evaluation element using a preset weighted summation algorithm.
In a further aspect, an embodiment of the present invention provides an electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the above method when executing the computer program.
In yet another aspect, the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored, which, when executed by a processor, implements the steps of the above method.
By combining process conformity and result conformity to determine the level of SDL implementation quality, the method and device evaluate the implementation quality of an SDL project more comprehensively and scientifically, and thereby improve the security and reliability of the software system.
Drawings
Fig. 1 is a schematic diagram of a software security development lifecycle implementation quality evaluation method provided by an embodiment of the present invention;
fig. 2 is a schematic diagram of an SDL implementation quality evaluation model according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a software security development lifecycle implementation quality evaluation apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the prior art, because SDL programmes are built without adequate theoretical support, most of them simply copy the Microsoft SDL without considering their own actual situation, so that only the surface of the SDL is learned and practical problems are not solved. The current state of the art has the following shortcomings:
(1) the quality evaluation of an SDL is too one-sided, and the benefit brought by the SDL implementation cannot be evaluated as a whole;
(2) the SDL is implemented for its own sake, without being combined with the actual situation of the enterprise implementing it;
(3) an SDL promoted by a single department is hard to roll out, and a shared understanding is difficult to form across the whole company.
For an ordinary enterprise, implementing an SDL is a relatively large project: it consumes a large amount of manpower and material resources and runs for a relatively long time, yet when the project is complete it is difficult to assess what the enterprise has gained from it. The invention therefore designs a scientific evaluation method for SDL implementation quality based on conformity assessment, drawing on a large body of related reference material, extensive SDL project practice, client questionnaires covering all levels, surveys of staff in different roles within a company and systematic analysis.
Fig. 1 is a schematic diagram of a software security development lifecycle implementation quality evaluation method according to an embodiment of the present invention. As shown in fig. 1, the method is executed by a software security development lifecycle implementation quality evaluation device and comprises the following steps:
S101, obtaining the value of each process conformity evaluation element and the value of each result conformity evaluation element, where a process conformity evaluation element represents the quality of the software security development lifecycle (SDL) implementation process and a result conformity evaluation element represents the quality of the SDL implementation result.
S102, calculating an evaluation value of the SDL implementation quality from the value of each process conformity evaluation element and the value of each result conformity evaluation element using a preset weighted summation algorithm.
Specifically, the value of each process conformity evaluation element and the value of each result conformity evaluation element are acquired first. A process conformity evaluation element represents the quality of the SDL implementation process, and a result conformity evaluation element represents the quality of the SDL implementation result.
Fig. 2 is a schematic diagram of the SDL implementation quality evaluation model provided in an embodiment of the present invention. As shown in fig. 2, the embodiment evaluates SDL implementation quality at two levels, process conformity and result conformity. Process conformity comprises seven evaluation elements: leadership attention, resource commitment, security training, threat modeling, milestone events, final security review and security response planning. Result conformity comprises six evaluation elements: target-type vulnerabilities, security compliance, continuous education, assessment targets met, degree of automation and management cost.
Then, once the value of each process conformity evaluation element and of each result conformity evaluation element has been obtained, the evaluation value of the SDL implementation quality is calculated from those values using a preset weighted summation algorithm. The calculation proceeds as follows:
1. Calculate the process conformity evaluation value from the value of each process conformity evaluation element using the first weighted summation algorithm. The process conformity evaluation elements are listed in Table 1.
TABLE 1 Process conformity evaluation elements
(Table 1 is an image in the original and is not reproduced here.)
The first weighted summation algorithm is formulated as follows:
PC = A1*α1 + A2*α2 + A3*α3 + A4*α4 + A5*α5 + A6*α6 + A7*α7
where PC is the process conformity evaluation value; A1 is the value of leadership attention, A2 the value of resource commitment, A3 the value of security training, A4 the value of threat modeling, A5 the value of milestone events, A6 the value of final security review and A7 the value of security response planning; and α1, α2, α3, α4, α5, α6 and α7 are preset weights.
2. Calculate the result conformity evaluation value from the value of each result conformity evaluation element using the second weighted summation algorithm. The result conformity evaluation elements are listed in Table 2.
TABLE 2 Result conformity evaluation elements
(Table 2 is an image in the original and is not reproduced here.)
The second weighted summation algorithm is formulated as follows:
RC = B1*β1 + B2*β2 + B3*β3 + B4*β4 + B5*β5 + B6*β6
where RC is the result conformity evaluation value; B1 is the value of target-type vulnerabilities, B2 the value of security compliance, B3 the value of continuous education, B4 the value of assessment targets met, B5 the value of degree of automation and B6 the value of management cost; and β1, β2, β3, β4, β5 and β6 are preset weights.
3. Determine the evaluation value of the SDL implementation quality from the process conformity evaluation value and the result conformity evaluation value; it is equal to the sum of the two, formulated as follows:
IQ = PC + RC
where IQ is the evaluation value of SDL implementation quality, PC is the process conformity evaluation value and RC is the result conformity evaluation value.
The value of each process conformity evaluation element and of each result conformity evaluation element is either 0 or 1: a value of 0 indicates that the evaluation element does not meet the preset requirement, and a value of 1 indicates that it does.
The evaluation elements covered by process conformity and result conformity together cover essentially all of the key indicators encountered during SDL implementation, which gives the evaluation method its scientific basis, comprehensiveness and reasonableness. The larger the value, the higher the implementation quality; the highest attainable score is 100%. IQ reaches that maximum only when every element takes the value 1, so it follows that the thirteen preset weights α1 to α7 and β1 to β6 must together sum to 100% (1.0) for the score to be read as a percentage.
To demonstrate the technical effect of the invention, two SDL projects, A and B, are selected: on the one hand this shows the application of the formulas given above, and on the other hand the comparison of the two projects shows the advantages of the invention.
The experimental data for project A are shown in Table 3.
TABLE 3 Experimental data for project A
(Table 3 is an image in the original and is not reproduced here.)
The experimental data for project B are shown in Table 4.
TABLE 4 Experimental data for project B
(Table 4 is an image in the original and is not reproduced here.)
From the two projects listed above it is evident that the implementation quality of project B is higher than that of project A.
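The three formulas above (PC, RC and IQ = PC + RC) and the project A versus project B comparison, worked through in code. This is an added example and not code from the patent or from Beijing Guoshun Technology: the patent publishes neither its weight values nor the contents of Tables 3 and 4, so the weights ALPHA and BETA, the element identifiers and the two sample projects below are constructed for illustration. The block also adds the two checks a practitioner would want before trusting the number: every element value must be 0 or 1, and the thirteen weights must total 1.0, because IQ = PC + RC is not normalised any further and only then does a fully conformant project score 100%.

```python
"""Weighted-sum scoring of SDL implementation quality (PC, RC, IQ) following the
formulas of CN110989974A. Example code, not the patent's own implementation; the
weights (ALPHA, BETA) and the two sample projects are constructed, because the
patent publishes neither its weight values nor the Table 3/4 data."""
from typing import Dict, List, Mapping, Sequence, Tuple

# A1..A7: process conformity evaluation elements (Table 1 of the patent)
PROCESS_ELEMENTS = (
    "leadership_attention", "resource_commitment", "security_training",
    "threat_modeling", "milestone_events", "final_security_review",
    "security_response_planning",
)
# B1..B6: result conformity evaluation elements (Table 2 of the patent)
RESULT_ELEMENTS = (
    "target_vulnerability_types", "security_compliance", "continuous_education",
    "assessment_targets_met", "degree_of_automation", "management_cost",
)
# ASSUMED weights alpha1..alpha7 and beta1..beta6 (not from the patent), chosen so
# that all thirteen sum to 1.0: IQ = PC + RC is not normalised any further, so
# this is the condition under which a fully conformant project scores 100%.
ALPHA = {
    "leadership_attention": 0.10, "resource_commitment": 0.08,
    "security_training": 0.06, "threat_modeling": 0.10,
    "milestone_events": 0.06, "final_security_review": 0.10,
    "security_response_planning": 0.05,
}
BETA = {
    "target_vulnerability_types": 0.12, "security_compliance": 0.10,
    "continuous_education": 0.05, "assessment_targets_met": 0.08,
    "degree_of_automation": 0.05, "management_cost": 0.05,
}


def check_weights(alpha: Mapping[str, float], beta: Mapping[str, float]) -> None:
    """Reject negative weights and weight sets whose grand total is not 1.0."""
    weights = [(n, alpha[n]) for n in PROCESS_ELEMENTS] + [(n, beta[n]) for n in RESULT_ELEMENTS]
    for name, w in weights:
        if w < 0:
            raise ValueError(f"negative weight for {name}")
    total = sum(w for _, w in weights)
    if abs(total - 1.0) > 1e-9:
        raise ValueError(f"alpha and beta must sum to 1.0, got {total:.4f}")


def check_values(values: Mapping[str, int], names: Sequence[str]) -> None:
    """Every element must be present and binary: 0 (not met) or 1 (met)."""
    for n in names:
        if n not in values:
            raise ValueError(f"missing evaluation element: {n}")
        if values[n] not in (0, 1):
            raise ValueError(f"{n} must be 0 or 1, got {values[n]!r}")


def process_conformity(a: Mapping[str, int], alpha: Mapping[str, float] = ALPHA) -> float:
    """PC = A1*alpha1 + A2*alpha2 + ... + A7*alpha7."""
    check_values(a, PROCESS_ELEMENTS)
    return sum(a[n] * alpha[n] for n in PROCESS_ELEMENTS)


def result_conformity(b: Mapping[str, int], beta: Mapping[str, float] = BETA) -> float:
    """RC = B1*beta1 + B2*beta2 + ... + B6*beta6."""
    check_values(b, RESULT_ELEMENTS)
    return sum(b[n] * beta[n] for n in RESULT_ELEMENTS)


def implementation_quality(a, b, alpha=ALPHA, beta=BETA) -> Dict[str, float]:
    """IQ = PC + RC, returned together with both components."""
    check_weights(alpha, beta)
    pc, rc = process_conformity(a, alpha), result_conformity(b, beta)
    return {"PC": pc, "RC": rc, "IQ": pc + rc}


def score_gaps(a, b, alpha=ALPHA, beta=BETA) -> List[Tuple[str, float]]:
    """Unmet elements and the weight each forfeits, largest first. Elements are
    binary, so an unmet one costs its whole weight: this is the order in which
    closing gaps raises IQ fastest."""
    check_values(a, PROCESS_ELEMENTS)
    check_values(b, RESULT_ELEMENTS)
    gaps = [(n, alpha[n]) for n in PROCESS_ELEMENTS if a[n] == 0]
    gaps += [(n, beta[n]) for n in RESULT_ELEMENTS if b[n] == 0]
    return sorted(gaps, key=lambda g: g[1], reverse=True)


def rank_projects(projects: Mapping[str, Dict[str, Dict[str, int]]]) -> List[Tuple[str, float]]:
    """(name, IQ) for each project, best first."""
    scored = [(name, implementation_quality(p["process"], p["result"])["IQ"])
              for name, p in projects.items()]
    return sorted(scored, key=lambda s: s[1], reverse=True)


# Constructed sample projects standing in for the patent's Tables 3 and 4.
PROJECT_A = {"process": dict(zip(PROCESS_ELEMENTS, (1, 1, 0, 0, 1, 0, 1))),
             "result": dict(zip(RESULT_ELEMENTS, (0, 1, 0, 1, 0, 1)))}
PROJECT_B = {"process": dict(zip(PROCESS_ELEMENTS, (1, 1, 1, 1, 0, 1, 1))),
             "result": dict(zip(RESULT_ELEMENTS, (1, 1, 1, 1, 0, 1)))}

if __name__ == "__main__":
    for name, p in (("A", PROJECT_A), ("B", PROJECT_B)):
        print(name, implementation_quality(p["process"], p["result"]),
              "fix first:", score_gaps(p["process"], p["result"])[:2])
    print("ranking:", rank_projects({"A": PROJECT_A, "B": PROJECT_B}))
```

With the constructed data, project A scores PC 0.29, RC 0.23, IQ 0.52 and project B scores IQ 0.89, reproducing the patent's conclusion that B's implementation quality is higher. Because every element is binary, the model cannot express partial compliance (threat modeling done for half of the components, say); score_gaps therefore lists exactly what each unmet element costs, which is both the lever for raising IQ and the model's main limitation.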
Compared with the prior art, the invention introduces the concepts of process conformity and result conformity and determines the level of SDL implementation quality by combining the two dimensions; in addition, each conformity dimension contains its own set of evaluation elements, so that the content is more detailed and comprehensive. The invention thus evaluates the implementation quality of an SDL project more comprehensively and scientifically.
Based on any of the above embodiments, fig. 3 is a schematic diagram of a software security development lifecycle implementation quality evaluation apparatus provided in an embodiment of the present invention. As shown in fig. 3, the apparatus comprises an obtaining module 301 and an evaluation module 302, where:
the obtaining module 301 is configured to obtain the value of each process conformity evaluation element and the value of each result conformity evaluation element, where a process conformity evaluation element represents the quality of the software security development lifecycle (SDL) implementation process and a result conformity evaluation element represents the quality of the SDL implementation result; and the evaluation module 302 is configured to calculate the evaluation value of the SDL implementation quality from the value of each process conformity evaluation element and the value of each result conformity evaluation element using a preset weighted summation algorithm.
The software security development lifecycle implementation quality evaluation apparatus provided by the embodiment of the invention determines the level of SDL implementation quality by combining the two dimensions of process conformity and result conformity, so that the implementation quality of an SDL project is evaluated more comprehensively and scientifically and the security and reliability of the software system are improved.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. As shown in fig. 4, the electronic device comprises a processor 401, a communication interface 402, a memory 403 and a communication bus 404, where the processor 401, the communication interface 402 and the memory 403 communicate with one another over the communication bus 404. The processor 401 may call logic instructions in the memory 403 to perform the following method:
obtaining the value of each process conformity evaluation element and the value of each result conformity evaluation element, where a process conformity evaluation element represents the quality of the software security development lifecycle (SDL) implementation process and a result conformity evaluation element represents the quality of the SDL implementation result; and
calculating the evaluation value of the SDL implementation quality from the value of each process conformity evaluation element and the value of each result conformity evaluation element using a preset weighted summation algorithm.
In addition, the logic instructions in the memory may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. On this understanding, the technical solution of the present invention may be embodied as a software product stored in a storage medium and comprising instructions for causing a computer device (which may be a personal computer, a server or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. Such storage media include a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk and other media capable of storing program code.
Further, embodiments of the present invention provide a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the steps of the above method embodiments, for example:
obtaining the value of each process conformity evaluation element and the value of each result conformity evaluation element, where a process conformity evaluation element represents the quality of the software security development lifecycle (SDL) implementation process and a result conformity evaluation element represents the quality of the SDL implementation result; and
calculating the evaluation value of the SDL implementation quality from the value of each process conformity evaluation element and the value of each result conformity evaluation element using a preset weighted summation algorithm.
Further, an embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored, which, when executed by a processor, implements the steps of the above method embodiments, for example:
obtaining the value of each process conformity evaluation element and the value of each result conformity evaluation element, where a process conformity evaluation element represents the quality of the software security development lifecycle (SDL) implementation process and a result conformity evaluation element represents the quality of the SDL implementation result; and
calculating the evaluation value of the SDL implementation quality from the value of each process conformity evaluation element and the value of each result conformity evaluation element using a preset weighted summation algorithm.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A software security development lifecycle implementation quality evaluation method, characterized by comprising the following steps:
obtaining the value of each process conformity evaluation element and the value of each result conformity evaluation element, where a process conformity evaluation element represents the quality of the software security development lifecycle (SDL) implementation process and a result conformity evaluation element represents the quality of the SDL implementation result; and
calculating an evaluation value of the SDL implementation quality from the value of each process conformity evaluation element and the value of each result conformity evaluation element using a preset weighted summation algorithm.
2. The software security development lifecycle implementation quality evaluation method of claim 1, wherein the process conformity evaluation elements comprise leadership attention, resource commitment, security training, threat modeling, milestone events, final security review and security response planning.
3. The software security development lifecycle implementation quality evaluation method of claim 2, wherein the result conformity evaluation elements comprise target-type vulnerabilities, security compliance, continuous education, assessment targets met, degree of automation and management cost.
4. The software security development lifecycle implementation quality evaluation method of claim 3, wherein calculating the evaluation value of the SDL implementation quality from the value of each process conformity evaluation element and the value of each result conformity evaluation element using a preset weighted summation algorithm specifically comprises:
calculating a process conformity evaluation value from the value of each process conformity evaluation element using a first weighted summation algorithm;
calculating a result conformity evaluation value from the value of each result conformity evaluation element using a second weighted summation algorithm; and
determining the evaluation value of the SDL implementation quality from the process conformity evaluation value and the result conformity evaluation value, the evaluation value of the SDL implementation quality being equal to the sum of the process conformity evaluation value and the result conformity evaluation value.
5. The software security development lifecycle implementation quality evaluation method of claim 4, wherein the first weighted summation algorithm is formulated as follows:
PC = A1*α1 + A2*α2 + A3*α3 + A4*α4 + A5*α5 + A6*α6 + A7*α7
where PC is the process conformity evaluation value, A1 is the value of leadership attention, A2 the value of implementation resources, A3 the value of security training, A4 the value of threat modeling, A5 the value of milestone events, A6 the value of the final security review, A7 the value of security response planning, and α1, α2, α3, α4, α5, α6 and α7 are all preset weight values.
6. The software security development lifecycle implementation quality evaluation method of claim 4, wherein the second weighted summation algorithm is formulated as follows:
RC = B1*β1 + B2*β2 + B3*β3 + B4*β4 + B5*β5 + B6*β6
where RC is the result conformity evaluation value, B1 is the value of target type vulnerabilities, B2 the value of security compliance, B3 the value of continuing education, B4 the value of qualification standards, B5 the value of degree of automation, B6 the value of management costs, and β1, β2, β3, β4, β5 and β6 are all preset weight values.
7. The software security development lifecycle implementation quality evaluation method according to any one of claims 1 to 6, wherein the value of each process conformity evaluation element and the value of each result conformity evaluation element is either 0 or 1: a value of 0 indicates that the evaluation element does not meet the preset requirement, and a value of 1 indicates that it does.
8. A software security development life cycle implementation quality evaluation device is characterized by comprising:
an acquisition module for acquiring the value of each process conformity evaluation element and the value of each result conformity evaluation element, where the process conformity evaluation elements characterize the quality of the software security development lifecycle (SDL) implementation process and the result conformity evaluation elements characterize the quality of the SDL implementation result;
and the evaluation module is used for calculating the evaluation value of the SDL implementation quality by utilizing a preset weighted summation algorithm according to the value of each process conformity evaluation element and the value of each result conformity evaluation element.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the software security development lifecycle implementation quality evaluation method according to any one of claims 1 to 7.
10. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the steps of the software security development lifecycle implementation quality evaluation method according to any one of claims 1 to 7.
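Claims 4 to 7 together specify a small scoring procedure: thirteen binary checklist elements, two weighted sums, and their total. The following Python is an added worked example of that procedure, not code from the patent or its applicant. The patent only says the weights α1..α7 and β1..β6 are "preset" and never publishes them, so the weight values, the element key names and the sample audit result below are all constructed assumptions; the element order follows claims 5 and 6.

```python
"""Worked example of the claimed SDL implementation-quality score (added example).

Implements claims 4-7: PC = sum(Ai*alpha_i), RC = sum(Bi*beta_i), score = PC + RC,
with every element value restricted to 0 (requirement not met) or 1 (met).
The weight values are constructed assumptions: the patent calls them "preset"
but does not publish them.
"""

# Process conformity elements A1..A7 (claim 2), in the order used by claim 5.
PROCESS_ELEMENTS = (
    "leadership_attention",        # A1
    "implementation_resources",    # A2
    "security_training",           # A3
    "threat_modeling",             # A4
    "milestone_events",            # A5
    "final_security_review",       # A6
    "security_response_planning",  # A7
)

# Result conformity elements B1..B6 (claim 3), in the order used by claim 6.
RESULT_ELEMENTS = (
    "target_type_vulnerabilities",  # B1
    "security_compliance",          # B2
    "continuing_education",         # B3
    "qualification_standards",      # B4
    "degree_of_automation",         # B5
    "management_costs",             # B6
)

# Assumed preset weights alpha1..alpha7 and beta1..beta6 (not taken from the patent).
# Chosen so that a fully conformant SDL scores 50 + 50 = 100.
ALPHA = {
    "leadership_attention": 10, "implementation_resources": 6, "security_training": 6,
    "threat_modeling": 10, "milestone_events": 6, "final_security_review": 8,
    "security_response_planning": 4,
}
BETA = {
    "target_type_vulnerabilities": 12, "security_compliance": 10, "continuing_education": 6,
    "qualification_standards": 8, "degree_of_automation": 8, "management_costs": 6,
}


def _weighted_sum(values, weights, names):
    """Weighted summation of claims 5/6 with the 0-or-1 constraint of claim 7 enforced."""
    total = 0
    for name in names:
        if name not in values:
            raise KeyError(f"missing evaluation element: {name}")
        v = values[name]
        if v not in (0, 1):
            raise ValueError(f"{name} must be 0 or 1 per claim 7, got {v!r}")
        total += v * weights[name]
    return total


def process_conformity(process_values):
    """PC = A1*alpha1 + ... + A7*alpha7 (claim 5)."""
    return _weighted_sum(process_values, ALPHA, PROCESS_ELEMENTS)


def result_conformity(result_values):
    """RC = B1*beta1 + ... + B6*beta6 (claim 6)."""
    return _weighted_sum(result_values, BETA, RESULT_ELEMENTS)


def sdl_implementation_quality(process_values, result_values):
    """Evaluation value of SDL implementation quality = PC + RC (claim 4)."""
    return process_conformity(process_values) + result_conformity(result_values)


def unmet_elements(process_values, result_values):
    """Elements scored 0, ordered by the weight they cost: the remediation backlog."""
    unmet = [(ALPHA[n], n) for n in PROCESS_ELEMENTS if process_values[n] == 0]
    unmet += [(BETA[n], n) for n in RESULT_ELEMENTS if result_values[n] == 0]
    return [n for _, n in sorted(unmet, key=lambda t: (-t[0], t[1]))]


# Constructed audit result for a hypothetical project: 1 = requirement met, 0 = not met.
SAMPLE_PROCESS = {n: 1 for n in PROCESS_ELEMENTS}
SAMPLE_PROCESS.update({"milestone_events": 0, "security_response_planning": 0})
SAMPLE_RESULT = {n: 1 for n in RESULT_ELEMENTS}
SAMPLE_RESULT.update({"degree_of_automation": 0, "management_costs": 0})

if __name__ == "__main__":
    print("PC =", process_conformity(SAMPLE_PROCESS))                                # 40
    print("RC =", result_conformity(SAMPLE_RESULT))                                  # 36
    print("SDL quality =", sdl_implementation_quality(SAMPLE_PROCESS, SAMPLE_RESULT))  # 76
    print("unmet:", unmet_elements(SAMPLE_PROCESS, SAMPLE_RESULT))
```

Because every element is binary, the score is simply the sum of the weights of the elements that passed, so the choice of weights decides entirely which gaps dominate the result; `unmet_elements` makes that visible by listing the failed checks in order of the weight they forfeit. The score measures conformity to the claimed checklist, not the vulnerability density of the product, which is why the result elements (claim 3) are part of the sum.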
CN201911185730.2A 2019-11-27 2019-11-27 Software security development life cycle implementation quality evaluation method and device Pending CN110989974A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911185730.2A CN110989974A (en) 2019-11-27 2019-11-27 Software security development life cycle implementation quality evaluation method and device

Publications (1)

Publication Number Publication Date
CN110989974A true CN110989974A (en) 2020-04-10

Family

ID=70087552

Country Status (1)

Country Link
CN (1) CN110989974A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112988227A (en) * 2021-03-30 2021-06-18 亚联(天津)信息技术有限责任公司 Evaluation method based on installation package full life cycle metadata and related equipment
CN112884386A (en) * 2021-04-29 2021-06-01 北京国舜宸锋科技有限公司 Software development full life cycle safety management effect evaluation method and system
CN116227999A (en) * 2023-02-09 2023-06-06 江苏省工商行政管理局信息中心 Quantitative calculation system and method for market supervision software operation and maintenance service quality evaluation index
CN116227999B (en) * 2023-02-09 2024-04-05 江苏省工商行政管理局信息中心 Market supervision software operation and maintenance service quality evaluation index quantitative measurement system and method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9069968B2 (en) * 2012-01-30 2015-06-30 Nokia Technologies Oy Method and apparatus providing privacy benchmarking for mobile application development
CN109408359A (en) * 2018-08-03 2019-03-01 中国人民解放军63928部队 A kind of software test procedure quality metric method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
孟波: "Research on quality improvement and evaluation methods for bank maintenance-type software projects", China Master's Theses Full-text Database, Information Science and Technology series *
王志皓 et al.: "Research on SDL-based software security testing methods", Electric Power IT *

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20200410)