Improving security in software development process: Case Tieto AS
Kääriäinen, Kimmo Mikael (2019)
2019
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2019052712066
https://urn.fi/URN:NBN:fi:amk-2019052712066
Tiivistelmä
Especially in software development information security is an everlasting race against changing threat landscape. Modern intertwined software solutions offer growing amount of attack targets as applications communicate with each other through internet. The more the attack possibilities grow, the more security should be taken into account. Security in software development should not be thought as an add-on feature to be stamped over otherwise ready application. Security in software should be built in and taken into account in all phases of software development lifecycle.
The purpose of this thesis was to evaluate the current status of Secure software development process at Tieto by evaluating it against updated security standards and commonly acknowledged best practices. The main objective was the evaluation and development of the current secure software process, in addition to supporting training material. The research was concluded using action research method, aiming for a change in the studied subject. The analysis for the research was mainly conducted by observations, in addition to use of questionnaire and process evaluation tools. In addition to literature, commonly acknowledged best practice guides were used for the evaluation of the current status of the secure software development process, along with the creation of the process action baseline.
Results from the research indicated that the process and the supporting training material at Tieto are in a reasonable state, yet in need of development. The study showed that security awareness is one of the key factors in the secure software development lifecycle. Accordingly, as an outcome from the research, new security awareness training material was created. By forming the best practice baseline based on selected guidelines and literature, a more descriptive process description was created.
The purpose of this thesis was to evaluate the current status of Secure software development process at Tieto by evaluating it against updated security standards and commonly acknowledged best practices. The main objective was the evaluation and development of the current secure software process, in addition to supporting training material. The research was concluded using action research method, aiming for a change in the studied subject. The analysis for the research was mainly conducted by observations, in addition to use of questionnaire and process evaluation tools. In addition to literature, commonly acknowledged best practice guides were used for the evaluation of the current status of the secure software development process, along with the creation of the process action baseline.
Results from the research indicated that the process and the supporting training material at Tieto are in a reasonable state, yet in need of development. The study showed that security awareness is one of the key factors in the secure software development lifecycle. Accordingly, as an outcome from the research, new security awareness training material was created. By forming the best practice baseline based on selected guidelines and literature, a more descriptive process description was created.