摘要
近年来,国内有大量互联网企业开始实施安全软件开发生命周期(S-SDLC)。高安全软件的可用性较差,敏捷开发的连续性受限等反面效果阻碍了S-SDLC的推进。为了提高对S-SDLC的认同感和重视程度,面向安全负责人进行意见收集,根据安全基本属性和产品开发风险相关因素,使用层次分析法(AHP)进行评估分析,得出S-SDLC流程步骤是S-SDLC落实过程中的最大影响因素。最后进行案例分析,对某企业的S-SDLC落地实施进行改进。
In recent years,a large number of domestic Internet companies have begun to implement the Security Software Development Life Cycle(S-SDLC).However,adverse effects such as poor availability of high security software and limited continuity of agile development have hindered the advancement of S-SDLC.In order to improve the recognition and importance of S-SDLC,opinions from security leaders are collected.According to the basic security attributes and product development risk-related factors,an analytic hierarchy process(AHP)is used for evaluation and analysis,and it is concluded that the S-SDLC process steps are the biggest influencing factors in the implementation of S-SDLC.Finally,a case study is conducted to improve the implementation of S-SDLC implementation of a certain company.
作者
顾先华
施勇
薛质
GU Xian-hua;SHI Yong;XUE Zhi(School of Electronic Information and Electrical Engineering,Shanghai Jiao Tong University,Shanghai 200240,China)
出处
《通信技术》
2020年第1期225-229,共5页
Communications Technology
基金
国家重点研发计划项目“网络空间安全”重点专项(No.2017YFB0803200)~~
