The Place and Role of Security Patterns in Software Development Process

Abstract

Security is one of the key quality attributes for many contemporary software products. Designing, developing, and maintaining such software necessitates the use of a secure-software development process which specifies how achieving this quality goal can be supported throughout the development life-cycle. In addition to satisfying the explicitly-stated functional security requirements, such process is aimed at minimising the number of vulnerabilities in the design and the implementation of the software. The secure software development is a challenging task spanning various stages of the development process. This inherent difficulty may be to some extent alleviated by the use of the so-called security patterns, which encapsulate knowledge about successful solutions to recurring security problems. The paper provides an overview of the state of the art in the secure software development processes and describes the role and place of security patterns in these processes. The current usage of patterns in the secure software development is analysed, taking into account both the role of patterns in the development processes, and the limitations of the security patterns available.