邮电设计技术, 2024, Issue (8): 34-38. DOI: 10.12045/j.issn.1007-3043.2024.08.007

Research and Practice of Shift Left Security in Software Development Process

王戈 1, 徐雷 1, 郭新海 1, 徐锋 2, 徐积森 3
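Author information

  • 1. China Unicom Research Institute, Beijing 100048; National Engineering Research Center of Next Generation Internet Broadband Service Application, Beijing 100048
  • 2. Hangzhou Xiaodao Technology Co., Ltd., Hangzhou, Zhejiang 310020
  • 3. China United Network Communications Group Co., Ltd., Beijing 100033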

Abstract

Shift left security in the software development process is a key strategy for ensuring software security, but it still faces many challenges in practice. To address this, the work adopts the idea, from the SDL and DevSecOps models, of integrating security into every stage of software development: it builds security capabilities and an automated toolchain, establishes a software development security management system, and links the security capabilities of the different development stages to improve security testing efficiency. This improves software security while reducing the maintenance costs incurred later in the software lifecycle because of security issues, thereby putting the shift left security philosophy into practice in software development and fully realizing its benefits.

Key words

Software security/Shift left security/Software lifecycle

Publication year

2024
邮电设计技术
China Information Technology Designing & Consulting Institute Co., Ltd.

Impact factor: 0.647
ISSN: 1007-3043