Abstract Need
Secure Software Project Management, Sustainment & Procurement
Objectives
- Identify methods to manage a project that has high security and high assurance requirements.
- Identify methods to sustain security and quality in code during enhancement and maintenance.
- Control change in a software project through the use of change control techniques.
- Explore techniques and principles for software acquisition.
Topics
Project risk management; contract management, software acquisition, software maintenance, software enhancement, change control board, software reuse
OERs
- DHS. (2007). Software Assurance: A Curriculum Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software. Retrieved from: https://learn.umgc.edu/content/enforced/313879-M_022073-01-2185/Common_Body_of_Knowledge2007.pdf?_&d2lSessionVal=yHNXTIp6y56ZPEX8jKq29unVQ&ou=313879.
- Chapter 11 Secure Software Project Management Pages 159 - 166
- Chapter 12 Secure Software Sustainment Pages 167 - 190
- Chapter 13 Acquiring Secure Software Pages 195 - 218
Review Questions
- What methods can be used to control change in developing and maintaining secure software?
- How much control does a project manager have over the four parameters of project management when managing secure, high-assurance software? The four parameters are scope, quality, resources and time.
(These questions are intended to be a self-test of your comprehension of this session's material; answers to these questions do not need to be turned in.)
Session Notes
Chapter 11 of the CBK is on project management for developing well-assured software. The CMMI process improvement practices are quite applicable here. Quality, schedule and budget are the main concerns of project management, and they often conflict. Personnel management, risk management, selection of a secure methodology and tools, use of off-the-shelf software, and use of development resources outside the enterprise are components and concerns of secure project management. Logic bombs can be an issue with both off-the-shelf and outsourced software.
Chapter 12 of the CBK is on software sustainment. You need to maintain a formal process during maintenance, including:
- Sustaining quality and security in the code
- Doing software upgrades (upgrades of OS, DBMS, etc.)
- Performing validation and verification activities
- Incorporating new developers into the project
- Incorporating new features
- Identifying new threats
- Impact analysis of new threats
- Fixing vulnerabilities discovered in the field
- Controlling change
- Assuring changes
Change control needs to be managed well to have any sanity during maintenance. We will devote our session Discussion to these maintenance activities.
Many of you in government will be involved in software acquisition even more than in software development. CMMI V1.3 had a constellation of processes devoted solely to acquisition; in CMMI V2.0, the process areas for Development, Services and Acquisition have been unified.
Chapter 13 of the CBK is on acquisition.
____________________________________________________________________________
© 2020 University of Maryland Global Campus.