This page contains a collection of publicly available secure software development guides. Each guide has its own approach to introducing security into the software development lifecycle.
- Apple Secure Coding Guide
- NIST Special Publication 800-64 Revision 2: Security Considerations in the System Development Life Cycle
- SAMM: Software Assurance Maturity Model
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:
- Evaluating an organization’s existing software security practices
- Building a balanced software security program in well-defined iterations
- Demonstrating concrete improvements to a security assurance program
- Defining and measuring security-related activities within an organization
SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development. Additionally, this model can be applied organization-wide, for a single line-of-business, or even for an individual project.
As an open project, SAMM content shall always remain vendor-neutral and freely available for all to use.
- BSIMM - The Building Security In Maturity Model
The Building Security In Maturity Model (BSIMM) is designed to help you understand and plan a software security initiative. BSIMM was created by studying and analyzing real-world data from nine leading software security initiatives. Though the particular methodologies differ (think OWASP CLASP, Microsoft SDL, or the Cigital Touchpoints), many initiatives share common ground, and that common ground is what BSIMM captures and describes. As an organizing feature, BSIMM introduces a Software Security Framework (SSF), which provides the conceptual scaffolding for the model. Properly used, BSIMM can help you determine where your organization stands relative to real-world software security initiatives and what steps can be taken to make your approach more effective.
- Secure Coding Principles: http://www.owasp.org/index.php/Secure_Coding_Principles
- CERT Secure Coding Standards
- Top 10 Secure Coding Practices: https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secu...
- The CERT Sun Microsystems Secure Coding Standard for Java
- The CERT C Secure Coding Standard
- The CERT C++ Secure Coding Standard
- PHP coding guidelines
- Zend Framework Coding Standard for PHP: http://framework.zend.com/manual/en/coding-standard.html
- eZ Components coding standards: http://ezcomponents.org/contributing/coding_standards
- Java coding guidelines
- Java coding standard checker
- C# / Visual Basic .NET coding guidelines