Propiedades del software seguro en el ciclo de vida del desarrollo de sistemas: una fundamentación teórica
Secure software properties in the systems’ development lifecycle: a theoretical foundation
DOI:
https://doi.org/10.33110/inceptum.v19i2.457Keywords:
ciberseguridad, software seguroAbstract
Este artículo pretende aportar una fundamentación teórica sobre el impacto positivo de integrar la ciberseguridad en el ciclo de vida del desarrollo de un software -programa o sistema informático-; ésta debe ser incluida en las diversas propiedades del programa informático, así como en cada una de las fases de las metodologías de desarrollo ágil. De tal forma, en este análisis cualitativo se abordarán modelos, estándares y metodologías, cuyo enfoque es precisamente la ciberseguridad en el ciclo de vida de desarrollo de software (SDLC, por sus siglas en inglés). Este análisis cualitativo intenta puntualizar aspectos como las necesidades particulares de la organización, indicadores, tiempo de implementación, recursos, rendimiento, curva de aprendizaje y otros elementos relevantes que se deben considerar en el SDLC.
Downloads
References
ACM Digital Library (2024) ACM Digital Library. Available at: https://dl.acm.org/ (Accessed: 4 June 2024).
Al-Matouq, H. et al. (2020) ‘A Maturity Model for Secure Software Design: A Multivocal Study’, IEEE Access, 8, pp. 215758–215776. Available at: https://doi.org/10.1109/ACCESS.2020.3040220.
Campos, F. et al. (2013) ‘Enfoque de sistemas: Proceso seguro para el desarrollo de software ágil’.
Casas, M. (2021) ‘Madurez del ciclo de vida del desarrollo de software seguro: OWASP Software Assurance Maturity Model (SAMM)’.
Clasp Owasp - CLASP OWASP Autores: Beiker Santorum, Jaime Paqui Julio 2022 1. Introducci ́on En la - Studocu (no date). Available at: https://www.studocu.com/ec/document/universidad-nacional-de-loja/seguridad-de-la-informacion/clasp-owasp/39430268 (Accessed: 19 March 2024).
CyberSecurity Malaysia (2020) ‘Guidelines for Secure Software Development Life Cycle (SSDLC) Reference’.
Diéguez, M. and Cares, C. (2012) ‘De la Gestión de Seguridad en el Ciclo de Vida del Software’, in.
Fujdiak, R. et al. (2019) ‘Managing the Secure Software Development’, in 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS). 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), CANARY ISLANDS, Spain: IEEE, pp. 1–4. Available at: https://doi.org/10.1109/NTMS.2019.8763845.
Google Académico (2024) Google Académico. Available at: https://scholar.google.es/schhp?hl=es (Accessed: 4 June 2024).
Gregoire, J. et al. (2007) ‘On the Secure Software Development Process: CLASP and SDL Compared’, in, pp. 1–1. Available at: https://doi.org/10.1109/SESS.2007.7.
Guio, N.S.B. (2020) ‘ANÁLISIS COMPARATIVO ENTRE METODOLOGÍAS PARA EL DESARROLLO SOFTWARE SEGURO DE ACUERDO CON EL ESTÁNDAR ISO/IEC 15408’.
IEEE Standards Association (no date) IEEE Standards Association. Available at: https://standards.ieee.org (Accessed: 4 June 2024).
IEEE Xplore (2024) IEEE Xplore. Available at: https://ieeexplore.ieee.org/Xplore/home.jsp (Accessed: 4 June 2024).
ISO/IEC 27034-7:2018 (2018) ISO/IEC 27034-7:2018(en), Information technology — Application security — Part 7: Assurance prediction framework. Available at: https://www.iso.org/obp/ui/en/#iso:std:iso-iec:27034:-7:ed-1:v1:en (Accessed: 19 March 2024).
Jarzębowicz, A. and Weichbroth, P. (2021) ‘A Qualitative Study on Non-Functional Requirements in Agile Software Development’, IEEE Access, 9, pp. 40458–40475. Available at: https://doi.org/10.1109/ACCESS.2021.3064424.
Khan, R.A. et al. (2022) ‘Systematic Literature Review on Security Risks and its Practices in Secure Software Development’, IEEE Access, 10, pp. 5456–5481. Available at: https://doi.org/10.1109/ACCESS.2022.3140181.
Kudriavtseva, A. and Gadyatskaya, O. (2023) ‘Secure Software Development Methodologies: A Multivocal Literature Review’. arXiv. Available at: http://arxiv.org/abs/2211.16987 (Accessed: 18 May 2024).
Microsoft Security Development Lifecycle Practices (no date). Available at: https://www.microsoft.com/en-us/securityengineering/sdl/practices (Accessed: 11 March 2024).
Oracle (2024) Software Security Assurance | Oracle. Available at: https://www.oracle.com/corporate/security-practices/assurance/ (Accessed: 19 March 2024).
OWASP (2024) SAMM, The Model, SAMM, The Model. Available at: https://owaspsamm.org/model// (Accessed: 19 March 2024).
OWASP SAMM (2024) OWASP SAMM. Available at: // (Accessed: 19 March 2024).
Pressman, R.S. (2010) Ingenieria del Software. Un Enfoque Practico.
Robayo, B, E.C. (2020) ‘GUÍA DE PRINCIPIOS Y BUENAS PRÁCTICAS PARA PRUEBAS DE SEGURIDAD DE SOFTWARE EN APLICACIONES WEB PARA UNA EMPRESA DEL SECTOR PRIVADO’.
Sancho Núñez, J.C., Caro, A. and Rodriguez, P. (2020) ‘A Preventive Secure Software Development Model for a Software Factory: A Case Study’, IEEE Access, PP, pp. 1–1. Available at: https://doi.org/10.1109/ACCESS.2020.2989113.
Schubert, M., Pagel, S. and Von Korflesch, H. (2023) ‘Success Factors in Secure Software Development of Cloud Applications in Germany: A Qualitative-explorative Expert Study’, in. Hawaii International Conference on System Sciences. Available at: https://doi.org/10.24251/HICSS.2023.805.
Sommerville, I. (2011) Software engineering. 9th ed. Boston: Pearson.
Souppaya, M., Scarfone, K. and Dodson, D. (2022) Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. NIST Special Publication (SP) 800-218. National Institute of Standards and Technology. Available at: https://doi.org/10.6028/NIST.SP.800-218.
Synopsys (no date) BSIMM14, Synopsys. Available at: https://www.synopsys.com/software-integrity/engage/bsimm-web/bsimm-report (Accessed: 19 March 2024).
Team, C. 4 A. (2023) NIST y el desarrollo seguro de software, Tarlogic Security. Available at: https://www.tarlogic.com/es/blog/nist-desarrollo-seguro-de-software/ (Accessed: 30 September 2023).
Tung, Y.-H. et al. (2016) ‘An integrated security testing framework for Secure Software Development Life Cycle’, in, pp. 1–4. Available at: https://doi.org/10.1109/APNOMS.2016.7737238.
Valdés, Y. et al. (2023) ‘Towards the Integration of Security Practices in Agile Software Development: A Systematic Mapping Review’, Applied Sciences, 13(7), p. 4578. Available at: https://doi.org/10.3390/app13074578.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 INCEPTUM

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
All contributions made to INCEPTUM Revista de Investigación en Ciencias de la Administración are published and distributed under an International Public License - CC BY-NC-ND 4.0 (Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International) , which allows readers read, download, copy and redistribute the material in any medium or format, provided that the authorship is acknowledged and the material is not used for commercial purposes.



