CMMI Institute Extends Software Development Framework to Address Security

Security by Design with CMMI for Development V1.3 is available now 

PITTSBURGH - Wednesday, April 2nd 2014 [ME NewsWire]

(BUSINESS WIRE)-- The CMMI Institute, the leading center for global best practices and organizational benchmarking, announced today it has extended the CMMI for Development framework to address security concerns in software and systems development. This increased emphasis on security will help developers to protect their work from attack.

Security attacks against major companies have become regular headlines. In many cases, hackers are taking advantage of weaknesses resulting from inattention to basic security measures. An August 2013 study of Ponemon Institute and Security Innovation found that most software development organizations do not consider security in the development process, leaving the end applications and products vulnerable. While this absence may appear to keep costs down, any savings realized by disregarding security during development is lost many times over when costly updates are required after product releases, or worse, when a breach occurs and requires significant effort to remedy.

Another Ponemon Institute 2013 research study, sponsored by Symantec, found global security breach costs ranging from $1.1 to $5.4 million per breach.

CMMI adoption results in cost savings by increasing speed to market and reducing costs connected to defects and rework. CMMI for Development is a framework of practices designed to improve quality and reliability in development processes, and many users have included security efforts in CMMI adoptions. Today’s news addresses security in a new way, with a set of practices explicitly designed to include security concerns in CMMI adoption and appraisals.

With the release of a technical report entitled, Security by Design with CMMI for Development V1.3: An Application Guide for Improving Processes for Secure Products, the CMMI framework is extended to include guidelines for including security requirements as quality criteria in the development process. Specific new process areas include Organizational Preparedness for Secure Development, Security Management in Projects, Security Requirements and Technical Solution, and Security Verification and Validation. By integrating security into systematic management of the development process, companies will reduce security risks and costs for themselves and their customers.

“We understand that security issues concern every level of the technology centered enterprise,” said Kirk Botula, CEO, CMMI Institute. “At the institute, we are actively seeking ways to help CMMI users tailor the frameworks to best meet their organization’s business goals. We are pleased to help organizations to develop operational resiliency against attacks by creating sustainable methods for developing secure products.”

Security by Design with CMMI for Development V1.3, along with a usage guide and a recording of a global webinar, is available for download at www.cmmiinstitute.com/securityextension

About CMMI Institute

The CMMI Institute, a subsidiary of Carnegie Mellon University, is dedicated to elevating organizational performance through best-in-class solutions to real-world challenges. The institute is the home of the Capability Maturity Model Integration (CMMI) for Development, Services, and Acquisition; and the People Capability Maturity Model, which are process improvement models that create high-performance, high-maturity cultures. The models are used in thousands of organizations worldwide to deliver business results that serve as differentiators in the global market.

To learn more about how CMMI can help your organization elevate performance, visit cmmiinstitute.com and make plans to attend the CMMI Conference in May 2014.

Contacts

CMMI Institute

Katie Tarara, 412-282-4042

ktarara@cmmiinstitute.com

Lois Paul & Partners

Brandi Ellerbee, 512-638-5327

Brandi_Ellerbee@lpp.com

Permalink: http://me-newswire.net/news/10523/en