News from Broadsword Solutions Corporation - the CMMI+Agile Company
Tuesday, April 1, 2014
CMMI Institute Extends Software Development Framework to Address Security
Security by Design with CMMI for Development V1.3 is available now
PITTSBURGH – April 1, 2014 – The CMMI Institute, the leading center for global best practices and organizational benchmarking, announced today it has extended the CMMI for Development framework to address security concerns in software and systems development. This increased emphasis on security will help developers to protect their work from attack.
Security attacks against major companies have become regular headlines. In many cases, hackers are taking advantage of weaknesses resulting from inattention to basic security measures. An August 2013 study by the Ponemon Institute and Security Innovation found that most software development organizations do not consider security in the development process, leaving the end applications and products vulnerable. While this absence may appear to keep costs down, any savings realized by disregarding security during development are lost many times over when costly updates are required after product releases, or worse, when a breach occurs and requires significant effort to remedy.
Another Ponemon Institute 2013 research study, sponsored by Symantec, found global security breach costs ranging from $1.1 to $5.4 million per breach.
CMMI adoption results in cost savings by increasing speed to market and reducing costs connected to defects and rework. CMMI for Development is a framework of practices designed to improve quality and reliability in development processes, and many users have included security efforts in CMMI adoptions. Today's news addresses security in a new way, with a set of practices explicitly designed to include security concerns in CMMI adoption and appraisals.
With the release of a technical report entitled Security by Design with CMMI for Development V1.3: An Application Guide for Improving Processes for Secure Products, the CMMI framework is extended to include guidelines for including security requirements as a quality criterion in the development process. Specific new process areas include Organizational Preparedness for Secure Development, Security Management in Projects, Security Requirements and Technical Solution, and Security Verification and Validation. By integrating security into systematic management of the development process, companies will reduce security risks and costs for themselves and their customers.
"We understand that security issues concern every level of the technology-centered enterprise," said Kirk Botula, CEO, CMMI Institute. "At the institute, we are actively seeking ways to help CMMI users tailor the frameworks to best meet their organization's business goals. We are pleased to help organizations to develop operational resiliency against attacks by creating sustainable methods for developing secure products."
Broadsword Solutions is a proud partner of the CMMI Institute. Through its work related to CMMI adoption and appraisal, Broadsword helps organizations to build operational resiliency by creating sustainable processes. The resources announced today will allow Broadsword's clients to achieve new levels of success and security.
Broadsword is a Process Innovation firm that provides model-based performance improvement solutions for engineering and information technology organizations throughout North America. Our tools and solutions are customized for each client and are based on Carnegie Mellon University's Capability Maturity Model Integration. Broadsword is a CMMI Institute Partner that provides technologies, tools, training, appraisals, and end-to-end solutions for performance innovation in the automotive, defense, aerospace, and government sectors.