Journal of Machines and Computing


A Capability Maturity Model for STP aware Software Development



Journal of Machines and Computing

Received On : 28 March 2022

Revised On : 30 May 2022

Accepted On : 29 July 2022

Published On : 05 October 2022

Volume 02, Issue 04

Pages : 178-187


Abstract


There has been an increase in the importance of software Security, Trust, and Privacy (STP). Product systems must be designed with trustworthy STP protection methods while still rendering the required benefits of applications to its consumers. As a result of this large skill gap, colleges and the software sector have found themselves in a state of supply- and-demand conflict. STP-aware software development requires a new practice Capability Maturity Model (CMM) to address this issue. In order to help colleges progressively increase their students' capacity to apply what they have learned in the classroom, this contribution provides a model that consists of 4 levels: Awareness, Curriculum, Project, and Enterprise, for STP-aware software development. Software development that is STP-aware has been shown to be quite beneficial in the development of programming talent's practice capabilities for learners.


Keywords


Security, Trust, and Privacy (STP), Capability Maturity Model (CMM), Team Software Process (TSP)


  1. B. McMillin and T. Roth, "Cyber-Physical Security and Privacy in the Electric Smart Grid", Synthesis Lectures on Information Security, Privacy, and Trust, vol. 9, no. 2, pp. 1-64, 2017. Doi : 10.2200/s00784ed1v01y201706spt021.
  2. G. Coleman, "Organizing the rable - Introduction to the Team Software Process[Book Review]", IEEE Software, vol. 17, no. 6, pp. 109-110, 2000. Doi : 10.1109/ms.2000.895179.
  3. D. Kaur, P. Kaur and H. Singh, "Secure Spiral: A Secure Software Development Model", Journal of Software Engineering, vol. 6, no. 1, pp. 10- 15, 2011. Doi : 10.3923/jse.2012.10.15.
  4. "Security Consulting Services", Microsoft.com, 2022. [Online]. Doi : https://www.microsoft.com/en-us/securityengineering/sdl/consulting. [Accessed: 15- May- 2022].
  5. "Homepage | CISA", Cisa.gov, 2022. [Online]. Doi : https://www.cisa.gov/uscert/. [Accessed: 15- May- 2022].
  6. "CVE -CVE", Cve.mitre.org, 2022. [Online]. Doi : https://cve.mitre.org/. [Accessed: 15- May- 2022].
  7. M. Haase, R. Auger and K. Wyk, "Top 25 Software Errors | SANS Institute", Sans.org, 2022. [Online]. Doi : https://www.sans.org/top25-software-errors/. [Accessed: 15- May- 2022].
  8. L. Druffel and R. Little, "Software engineering for AI based software products", Data & Knowledge Engineering, vol. 5, no. 2, pp. 93-103,1990. Doi : 10.1016/0169-023x(90)90006-y.
  9. "Certified Software Development Associate Certification", IEEE Transactions on Parallel and Distributed Systems, vol. 21, no. 10, pp. 1546-1546, 2010. Doi : 10.1109/tpds.2010.147.
  10. "INCOSE Position on Capability Models and the Capability Maturity Model Integration (CMMI) Effort", INSIGHT, vol. 2, no. 2, pp. 19-20,1999. Doi : 10.1002/inst.19992219.
  11. S. Shang and S. Lin, "Understanding the effectiveness of Capability Maturity Model Integration by examining the knowledge management of software development processes", Total Quality Management & Business Excellence, vol. 20, no. 5, pp. 509-521, 2009. Doi : 10.1080/14783360902863671.
  12. G. Nedeltcheva, "Quality Measurement in the Software Development Life-Cycle by Statistical Metrics – A Survey", Lecture Notes on Software Engineering, vol. 3, no. 2, pp. 145-151, 2015. Doi : 10.7763/lnse.2015.v3.180.
  13. A. Sahraoui, "The rationale paradigm in system development lifecycle", International Journal of System of Systems Engineering, vol. 4, no. 1, p. 44, 2013. Doi : 10.1504/ijsse.2013.053479.
  14. Z. Huang, Z. Shao, G. Fan, H. Yu, K. Yang and Z. Zhou, "HBSniff: A static analysis tool for Java Hibernate object-relational mapping code smell detection", Science of Computer Programming, vol. 217, p. 102778, 2022. Doi : 10.1016/j.scico.2022.102778.
  15. A. Perlmutter and B. Frankel, "SECURITY STUDIES and Security Studies", Security Studies, vol. 1, no. 1, p. iv-iv, 1991. Doi : 10.1080/09636419109347452.

Acknowledgements


Author(s) thanks to Dr.Toi Mazur for this research validation and verification support.


Funding


No funding was received to assist with the preparation of this manuscript.


Ethics declarations


Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.


Availability of data and materials


No data available for above study.


Author information


Contributions

All authors have equal contribution in the paper and all authors have read and agreed to the published version of the manuscript.


Corresponding author


Rights and permissions


Open Access This article is licensed under a Creative Commons Attribution NoDerivs is a more restrictive license. It allows you to redistribute the material commercially or non-commercially but the user cannot make any changes whatsoever to the original, i.e. no derivatives of the original work. To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-nd/4.0/


Cite this article


Geim Sllian and Toi Mazur, “A Capability Maturity Model for STP aware Software Development”, Journal of Machines and Computing, vol.2, no.4, pp. 178-187, October 2022. doi: 10.53759/7669/jmc202202022.


Copyright


© 2022 Geim Sllian and Toi Mazur. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.