Federal And Defense Software Development Standards and Laws

Lawrence Baiden

Northcentral University

TIM-8430 vs 3: Secure Software Development

Prof. Paul Harig

Sep 25, 2022

Software development regulations may include guidelines for a secure software development process. For the most part, standards specify procedures and the requirements that documents or data must meet. In addition to the more common forms of development products, such as user requirements, standards often identify process-oriented documents, such as evaluations of work in progress and reports for upper management. By comparing these records with the development requirements, the level of standard compliance may be determined. Compliance must therefore be managed rather than enforced, since it is neither feasible nor desirable to enforce it at every development stage. In this article, we establish the existing standards, legal rules, and compliance requirements, and then introduce and describe the company (Apple) on which our assessment of federal and military software development laws and regulations will focus. Following this, we detail the standards that guided the proposal's steps toward more secure software development for the chosen company. Finally, we elaborate on how the suggested software development standards and practices would aid the business as a whole in meeting its goals and objectives.

Company Description

It is no surprise that Apple, one of the Big Five technology companies, is among the most prominent corporations in the history of technology in terms of brand recognition. Since its early days working out of a garage, Apple has been at the forefront of clever innovation in consumer technology, producing groundbreaking products like the iPhone and classics like the Apple II. Jobs and Wozniak were introduced by a mutual friend. Ultimately, the chance encounter altered the course of contemporary technology. In the early 1970s, Steve Wozniak built the first working prototype of the Apple I computer, which included a wide display and a keyboard. It was, therefore, the first computer to resemble modern computers. Jobs was able to see the possibilities of the concept immediately. On April 1, 1976, the two established Apple Computers Inc. (Jin, 2020).

Apple provides a wide variety of electronic devices for home use. The iPhone, iPad, MacBook, and Apple Watch are just a few of the company's best-selling goods. Apple's 147,000 workers are spread throughout various fields and functions, including commerce, development, electronics, artificial intelligence and machine learning, support and service, design, and more. Services such as Apple Music (which debuted in June 2015) and Apple TV (which debuted in 2019) are also available from Apple. Wolfwalkers and Greyhound, both created by Apple TV, were nominated for Academy Awards in 2021 for Best Animated Feature and Best Sound, respectively. Apple also caters to the needs of institutions of higher learning, corporations, hospitals, and government agencies with a range of carefully chosen goods and services. Before Steve Jobs' death in 2011, Tim Cook succeeded him as CEO. Apple is one of the biggest technology businesses in the world, and its product line continues to expand. Apple has a firm grasp of technology but also knows how to run a successful company. Apple has made many significant investments and purchases throughout the years. It bought many companies, including NeXT Computer (1996), Beats Electronics (2014), Shazam (2017), and Texture (2018) (Jin, 2020). The opportunity to invest in firms like these, which have significantly increased the corporation's library of technology, has been crucial in the corporation's push towards advancement.

Apple Inc. has, throughout the years, embraced several frameworks, standards, rules, and other compliance procedures related to software development. Because of these policies, the company now deals in various technological goods, increasing its market share. However, the organization has experienced various effects due to applying numerous standards. As a result, the company has a tight policy of enforcing adherence to a single software development framework/model subject to a wide range of standards and regulatory constraints (Jin, 2020). In addition, this company follows the agile development framework methodology for creating software for Apple's global consumer base. Standards such as ISO compliance and Agile Software Development are discussed below in light of Apple Inc.'s current software development practices.

ISO Compliance and Agile Framework Standards

Supporters of agile development methodology and advocates of up-front, comprehensive design have clashed over the rise of agile software development practices. At issue here seems to be apprehension about the amount of paperwork that is supposed to be generated throughout the agile development process. Although there are not many suggestions for doing so in reality, agile processes might contain procedures that guarantee adherence to specified guidelines. Agile teams must consider several factors, including performance improvement, greater operational efficiency, high-quality software products, and satisfied customers. Apple Inc. and other big IT companies worldwide are among the many that have attested to their conformity with industry standards by obtaining ISO certification.

Software Development Standards

Any document outlining the guidelines and procedures for developing software is considered a software engineering standard. A software development business like Apple would typically keep such records, which are meant for internal use only. Writing documentation is a common requirement for standard compliance. Agile's stated value of "working software over comprehensive documentation" seems at odds with this. It is important to note that the agile ethos is not inherently anti-documentation; instead, it is opposed to documentation that serves no practical function and gets in the way of a project's ultimate goal of creating high-quality software (Kramer, 2018). Because of their inherent flexibility, agile methods can sometimes conform to established norms. Nonetheless, it would appear that there are essentially no guidelines for incorporating practices that guarantee compliance with stated standards into agile methods. This article proposes a few such principles based on an examination of currently utilized ISO software standards. ISO recommends using a quality manual as a starting point for software engineering. This makes it possible to keep track of customer satisfaction while ensuring the highest possible software quality throughout the product's development cycle. This is why it is essential to advocate for a new, secure software development framework at Apple that uses up-to-date development practices and produces high-quality, fully functional software alongside comprehensive documentation. The proposed actions will help improve the usability, reliability, effectiveness, and maintainability of Apple's software products (Assal & Chiasson, 2018).

ISO Standards for Software Development

International standards such as those established by the International Organization for Standardization (ISO) and the Institute of Electrical and Electronics Engineers (IEEE) are widely used by software companies worldwide to standardize their processes and improve efficiency. To get better outcomes, software development organizations might follow these guidelines, which are principles and best practices (Bąk, n.d.). The International Organization for Standardization (ISO) is a worldwide body responsible for establishing norms in various industries, from software to food. The main objective of ISO is to help organizations improve their processes and, by extension, their products and services by providing a set of standards and norms to adhere to.

● The two most essential standards for software development are ISO/IEC 12207 and ISO/IEC 15288, both of which pertain to software life cycle processes and may be substituted for one another. The following standards are also crucial to software development.

● The purpose of ISO/IEC 15939 (Software measurement process) is to define the steps involved in developing, deploying, and improving a software measurement process. It therefore provides neither a list of software metrics nor techniques for assessing program quality.

● The ISO/IEC 12207 standard defines the practices to be followed throughout the software life cycle, from inception to retirement. In this model, there are three groups of life cycle processes: core life cycle processes, auxiliary life cycle processes, and institutional life cycle processes. In addition, each group has its own set of subprocesses, described along with a set of steps for completing them (Bąk, n.d.).

ISO 12207 In Agile Software Development

This section motivates and directs the agile community to embrace the standard. Delegating responsibility for meeting ISO 12207 requirements to one person within an agile development team is one approach to ensuring the standard is met. This person helps the team develop the proper artifacts in conformity with the standard. An organizational architecture similar to that proposed by Brooks (1995) can ensure that developers, especially programmers, are not overburdened by the documentation and administrative tasks needed to comply with the standard. This so-called Surgical Team model consists of an administrator, an editor, a secretary for the director and the publisher, and a software clerk (who handles the organization's evolving artifacts via version control and service asset and configuration management).

In the 1960s, the above idea for organizing development teams was presented. Although it may not be directly relevant to ongoing software engineering projects, it provides some valuable ideas. The argument that programmers should not be involved in documentation and administration is an interesting one to consider. The goal of an agile project is to keep to the ISO standards as required without adding extra work for the developers. Therefore, the documentation team's data collection efforts should be as unobtrusive as possible (Akinsola et al., 2020).

ISO 27001: Information Security

Software development companies widely use the ISO 27001 standard, which addresses information security needs inside a company. The primary goal of ISO 27001 is to strengthen an organization's security measures and protect its assets. The most important benefit of ISO 27001 certification is the confidence that a company's operations and data are secure. Certification can also give a company an advantage over the competition by making it seem more reliable and trustworthy to consumers.

ISO 27001 in Agile Software Development

ISO 27001 defines numerous controls for software development processes. One is that acceptance testing must be performed against both functional and non-functional requirements, the former of which incorporate security requirements. Others are to isolate the development, testing, and operational processes and to execute security assessment at every stage of development (Bąk, n.d.). Agile, one of several software development methodologies, works well under these constraints. The following controls support stability in production systems:

● Standard practices for handling organizational and technological changes.

● Maintaining a strict no-changes policy for software provided by vendors.

● Change management practices that are in place even during development, to prevent any unintended changes.

● Compulsory software and operating system installation protocols, along with who may perform what, and particular testing standards for operating system upgrades, including testing mission-critical programs on a new platform.

● Any changes, no matter how "trivial," cannot avoid testing or the change process if development, testing, and functional areas are integrated and accessibility to the source code is tightly controlled.

Apple’s Company Regulations

Apple Inc., like any other company, abides by several industry standards designed to keep it in line with all applicable federal laws and regulations. The Apple organization committee creates standards and protocols to guarantee the company's adherence to government and labor union recommendations for the industry at large. Apple Inc. complies with many industry standards, including:

● Privacy

Organizations that maintain a workforce inevitably gather many workers' most private information. In light of this, several laws and guidelines govern how securely and safely businesses store personal information (Wood, 2020). Workers can sue their employer for violating their privacy if the company publishes their personal information such as their Social Security number, address, name, health problems, credit card, bank account details, or personal history. For the sake of trust with its clientele and consumers, Apple Inc. ensures the privacy of its customers, staff, and the company.

● Advertising

A well-planned advertising campaign may do wonders for your company. However, before you jump in, check to see that you comply with all applicable laws and regulations. In this regard, you must ensure that, for instance, neither your advertisements' content nor presentation is dishonest or fraudulent. In addition, there are stricter rules on using testimonials in marketing materials. Because of the potential for monetary penalties, breaking these guidelines is counterproductive to your advertising efforts (Wood, 2020). Apple Inc.'s marketing division has followed strict standards to ensure compliance with all applicable advertising regulations.

● Tax Code

The first topic when discussing government regulation amongst company owners is usually taxation. Nevertheless, there is more to taxes than just writing a check to the government; understanding which business taxes to pay, when to pay them, and how to set up your firm to account for future tax payments may save you many difficulties down the road. In the United States, federal taxes are required for any business. In addition, depending on where their headquarters are located, most businesses will have to pay state taxes. The truth is, we cannot escape them. If you try to avoid paying taxes or decide to do so, you might face severe consequences, including imprisonment (Wood, 2020). Apple, Inc. satisfies these federal statutes' requirements by recording all tax payments.

Proposed Secure Software Development Model

Taking Apple's size into account, it is a shrewd observation to note that specific secure software development settings may not conform to Agile development norms. This is justified by the fact that the safety of software solutions has traditionally relied heavily on an absence of documentation. However, the lack of software documentation does not seem to be the driving force behind adopting the Waterfall model for developing secure software that adheres to all major software development standards.

The software development life cycle is broken down into discrete "phases" in the waterfall methodology. The name Waterfall refers to the sequential, step-by-step nature of its development phases (Fitzgerald et al., 2019). For this strategy to work, it is assumed that the development team has access to all or almost all of the relevant details about user needs before the project ever begins. The (often) interdisciplinary development team then works its way through the steps, from brainstorming to coding, with no true turning back. Given that each successive stage of the process is expected to improve the emerging product, it is reasonable to expect a sign-off between them. Because of its phase-by-phase structure, this paradigm is often used for creating complicated goods that need thorough specifications and effective team communication. This approach requires a high level of communication, which is challenging to implement in any business that has not yet fully developed its resources, procedures, communication habits, and protocols. This requirement is in line with Apple's massive workforce, colossal inventory of technological goods, and huge client base for its software products. Apple, Inc. will improve its software development security processes by adopting Waterfall software development with all its standards (Fitzgerald et al., 2019).

Conclusion

The need for more robust cybersecurity measures has grown in recent years. In tandem, we need new ways of thinking about efficient and long-lasting development. Getting approval for each phase's output is crucial in the waterfall paradigm. While Agile and Prototype models are where most projects are now, Waterfall is still a viable option for both large and small projects. The Waterfall approach is most effective when needs are simple and can be easily tested. Meeting this need will require familiarity with all the standards and stages of the secure software development life cycle (SDLC). The secure development lifecycle (SDLC) is a set of practices that aids in the planning, creation, and release of high-quality products by developers and businesses. This is so because on-time delivery of goods is a hallmark of the secure development lifecycle approach. They are made by programmers who know what they are doing, too. Implementing the suggested framework and standards would provide Apple, Inc. with a competitive edge, allowing it to improve the quality of its software products and ultimately achieve its stated objectives for the development environment.

References

Akinsola, J. E., Ogunbanwo, A. S., Okesola, O. J., Odun-Ayo, I. J., Ayegbusi, F. D., & Adebiyi, A. A. (2020). Comparative analysis of software development life cycle models (SDLC). In Computer Science On-line Conference (pp. 310–322). Springer, Cham.

Assal, H., & Chiasson, S. (2018). Security in the software development lifecycle. In Fourteenth symposium on usable privacy and security (SOUPS 2018) (pp. 281-296).

Bąk, A. T. (n.d.). Software development standards: ISO compliance and Agile. SoftKraft. Retrieved September 23, 2022, from https://www.softkraft.co/software-development-standards/

Fitzgerald, K., Browne, L. M., & Butler, R. F. (2019). Using the Agile software development lifecycle to develop a standalone application for generating color-magnitude diagrams. Astronomy and Computing, 28, 100283.

Jin, Z. (2020). The Influence of Dividend Policy on the Company Value–Take Apple Inc for an Example. In 2020 2nd International Conference on Economic Management and Cultural Industry (ICEMCI 2020) (pp. 196-200). Atlantis Press.

Kramer, M. (2018). Best practices in systems development lifecycle: An analysis based on the waterfall model. Review of Business & Finance Studies, 9(1), 77–84.

Wood, M. (2020). 11 important government regulations on business you must know. Fundera. Retrieved September 23, 2022, from https://www.fundera.com/blog/government-regulations-on-business