{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T03:40:27Z","timestamp":1767843627422,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":27,"publisher":"ACM","license":[{"start":{"date-parts":[[2008,10,6]],"date-time":"2008-10-06T00:00:00Z","timestamp":1223251200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2008,10,6]]},"DOI":"10.1145\/1456659.1456667","type":"proceedings-article","created":{"date-parts":[[2008,11,6]],"date-time":"2008-11-06T13:49:50Z","timestamp":1225979390000},"page":"56-65","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":22,"title":["Guidelines for secure software development"],"prefix":"10.1145","author":[{"given":"Lynn","family":"Futcher","sequence":"first","affiliation":[{"name":"Nelson Mandela Metropolitan University, Port Elizabeth, South Africa"}]},{"given":"Rossouw","family":"von Solms","sequence":"additional","affiliation":[{"name":"Nelson Mandela Metropolitan University, Port Elizabeth, South Africa"}]}],"member":"320","published-online":{"date-parts":[[2008,10,6]]},"reference":[{"issue":"5","key":"e_1_3_2_1_1_1","first-page":"1026","article-title":"Using UMLSec and goal trees for secure systems development","volume":"48","author":"Jurjens J.","year":"2002","unstructured":"Jurjens , J. 2002 . Using UMLSec and goal trees for secure systems development . Communications of the ACM , 48 ( 5 ), pp. 1026 -- 1030 . Jurjens, J. 2002. Using UMLSec and goal trees for secure systems development. Communications of the ACM, 48 (5), pp.1026--1030.","journal-title":"Communications of the ACM"},{"key":"e_1_3_2_1_2_1","volume-title":"Information security architecture: An integrated approach to security in the organisation","author":"Killmeyer J.","unstructured":"Killmeyer , J. 2006. Information security architecture: An integrated approach to security in the organisation . New York : United States of America: Auerbach Publications . Killmeyer, J. 2006. Information security architecture: An integrated approach to security in the organisation. New York: United States of America: Auerbach Publications."},{"key":"e_1_3_2_1_3_1","volume-title":"Information security risk analysis","author":"Peltier T. R.","unstructured":"Peltier , T. R. 2005. Information security risk analysis . New York : United States of America: Auerbach Publications . Peltier, T. R. 2005. Information security risk analysis. New York: United States of America: Auerbach Publications."},{"key":"e_1_3_2_1_4_1","first-page":"29","volume-title":"Application Program Security","author":"Jones R. L.","unstructured":"Jones , R. L. and Rastogi , A . 2004. Secure coding - building security into the software development life cycle . Application Program Security , pp. 29 -- 38 . Jones, R. L. and Rastogi, A. 2004. Secure coding - building security into the software development life cycle. Application Program Security, pp.29--38."},{"key":"e_1_3_2_1_5_1","unstructured":"ISO. 2005. ISO\/IEC 27002: Information Technology - Code of Practice for Information Security Management.  ISO. 2005. ISO\/IEC 27002: Information Technology - Code of Practice for Information Security Management."},{"key":"e_1_3_2_1_6_1","unstructured":"ISO. 2004. ISO\/IEC 13335-1: Information Technology - Security Techniques - Management of Information and Communications Technology Security. Part 1: Concepts and models for information and communications technology security management.  ISO. 2004. ISO\/IEC 13335-1: Information Technology - Security Techniques - Management of Information and Communications Technology Security. Part 1: Concepts and models for information and communications technology security management."},{"key":"e_1_3_2_1_7_1","unstructured":"ISO. 1998. ISO\/IEC TR 13335-3: Information Technology - Guidelines for the Management of IT Security. Part 3: Techniques for the management of IT security.  ISO. 1998. ISO\/IEC TR 13335-3: Information Technology - Guidelines for the Management of IT Security. Part 3: Techniques for the management of IT security."},{"key":"e_1_3_2_1_8_1","unstructured":"ISO. 2000. ISO\/IEC TR 13335-4: Information Technology -- Guidelines for the Management of IT Security. Part 4: Selection of safeguards.  ISO. 2000. ISO\/IEC TR 13335-4: Information Technology -- Guidelines for the Management of IT Security. Part 4: Selection of safeguards."},{"key":"e_1_3_2_1_9_1","first-page":"800","article-title":"Generally Accepted Principles and Practices for Securing Information Technology systems","author":"NIST.","year":"1996","unstructured":"NIST. 1996 . Generally Accepted Principles and Practices for Securing Information Technology systems . NIST SP 800 - 814 . (http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-14\/800-14.pdf). NIST. 1996. Generally Accepted Principles and Practices for Securing Information Technology systems. NIST SP 800-14. (http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-14\/800-14.pdf).","journal-title":"NIST SP"},{"key":"e_1_3_2_1_10_1","unstructured":"NIST. 2004. Security Considerations in the Information System Development Life Cycle. NIST Special Publication 800--64. (http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-64\/NIST-SP800--64.pdf).  NIST. 2004. Security Considerations in the Information System Development Life Cycle. NIST Special Publication 800--64. (http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-64\/NIST-SP800--64.pdf)."},{"key":"e_1_3_2_1_11_1","volume-title":"Risk Management Guide for Information Technology Systems. NIST Special Publication 800--30.","year":"2008","unstructured":"NIST. 2002. Risk Management Guide for Information Technology Systems. NIST Special Publication 800--30. Retrieved from http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-30\/NIST-SP800-30.pdf on 20th June 2008 . NIST. 2002. Risk Management Guide for Information Technology Systems. NIST Special Publication 800--30. Retrieved from http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-30\/NIST-SP800-30.pdf on 20th June 2008."},{"key":"e_1_3_2_1_12_1","volume-title":"echnical Report)","author":"Bertine H.","unstructured":"Bertine , H. , Chadwick , D. , Euchner , M. And Harrop , M. 2004. Security in telecommunications and information technology ( T echnical Report) . International Telecommunication Union . Bertine, H., Chadwick, D., Euchner, M. And Harrop, M. 2004. Security in telecommunications and information technology (Technical Report). International Telecommunication Union."},{"key":"e_1_3_2_1_13_1","unstructured":"ISO. 1989. ISO 7498-2: Information Processing Systems - Open System Interconnection - Basic Reference Model - Part 2: Security Architecture.  ISO. 1989. ISO 7498-2: Information Processing Systems - Open System Interconnection - Basic Reference Model - Part 2: Security Architecture."},{"key":"e_1_3_2_1_14_1","unstructured":"ISO. ISO\/IEC 12207. 2004. Software Lifecycle Processes.  ISO. ISO\/IEC 12207. 2004. Software Lifecycle Processes."},{"key":"e_1_3_2_1_15_1","unstructured":"Peters J. F. and Pedrycz W. 2000. Software engineering: an engineering approach. Wiley.   Peters J. F. and Pedrycz W. 2000. Software engineering: an engineering approach. Wiley."},{"key":"e_1_3_2_1_16_1","volume-title":"Common Criteria for Information Technology Security Evaluation. Part 1: Introduction and general model.","author":"Common Criteria","year":"2008","unstructured":"Common Criteria . 2005. Common Criteria for Information Technology Security Evaluation. Part 1: Introduction and general model. Retrieved from http:\/\/commoncriteriaportal.org\/thecc.html on 20th June 2008 . Common Criteria. 2005. Common Criteria for Information Technology Security Evaluation. Part 1: Introduction and general model. Retrieved from http:\/\/commoncriteriaportal.org\/thecc.html on 20th June 2008."},{"key":"e_1_3_2_1_17_1","unstructured":"Davis N. 2006. Secure Software Development Life Cycle Processes. Retrieved from https:\/\/buildsecurityin.uscert.gov\/daisy\/bsi\/articles\/knowledge\/sdlc\/326.BSI.ht ml.  Davis N. 2006. Secure Software Development Life Cycle Processes. Retrieved from https:\/\/buildsecurityin.uscert.gov\/daisy\/bsi\/articles\/knowledge\/sdlc\/326.BSI.ht ml."},{"key":"e_1_3_2_1_18_1","unstructured":"IBM. \n      Rational Unified Process Best\n     Practices for Software Development Teams.\n   Retrieved from http:\/\/www.128.ibm.com\/developerworks\/rational\/library\/253.html on 20th \n  June\n  2008\n  .  IBM. Rational Unified Process Best Practices for Software Development Teams. Retrieved from http:\/\/www.128.ibm.com\/developerworks\/rational\/library\/253.html on 20 th June 2008."},{"key":"e_1_3_2_1_19_1","unstructured":"Lipner S. and Howard M. 2005. The Trustworthy Computing Security Development Lifecycle. Retrieved from http:\/\/msdn.microsoft.com\/enus\/library\/ms995349.aspx on 20th June 2008.   Lipner S. and Howard M. 2005. The Trustworthy Computing Security Development Lifecycle. Retrieved from http:\/\/msdn.microsoft.com\/enus\/library\/ms995349.aspx on 20th June 2008."},{"key":"e_1_3_2_1_20_1","unstructured":"OWASP. CLASP \n      Concepts\n    .\n   Retrieved from http:\/\/www.owasp.org\/ on 20th \n  June\n  2008\n  .  OWASP. CLASP Concepts. Retrieved from http:\/\/www.owasp.org\/ on 20 th June 2008."},{"key":"e_1_3_2_1_21_1","volume-title":"Developing Secure Software with TSP-Secure.","author":"Davis N.","year":"2008","unstructured":"Davis , N. 2008. Developing Secure Software with TSP-Secure. Retrieved from https:\/\/buildsecurityin.uscert.gov\/swa\/downloads\/TSP_Secure_Davis.pdf on 20th June 2008 . Davis, N. 2008. Developing Secure Software with TSP-Secure. Retrieved from https:\/\/buildsecurityin.uscert.gov\/swa\/downloads\/TSP_Secure_Davis.pdf on 20th June 2008."},{"key":"e_1_3_2_1_22_1","unstructured":"Howard M. and Leblanc D. 2003. Writing secure code: Practical strategies and techniques for secure application coding in a networked world. Microsoft Press.   Howard M. and Leblanc D. 2003. Writing secure code: Practical strategies and techniques for secure application coding in a networked world. Microsoft Press."},{"key":"e_1_3_2_1_23_1","volume-title":"The Secure Software Development Lifecycle.","author":"Dustin E.","year":"2008","unstructured":"Dustin , E. 2006. The Secure Software Development Lifecycle. Retrieved from http:\/\/www.devsource.com\/c\/a\/techniques\/The-Secure-Software-Development-Lifecycle\/ on 12th June 2008 . Dustin, E. 2006. The Secure Software Development Lifecycle. Retrieved from http:\/\/www.devsource.com\/c\/a\/techniques\/The-Secure-Software-Development-Lifecycle\/ on 12th June 2008."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.103"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1145287.1145289"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1145287.1145291"},{"key":"e_1_3_2_1_27_1","first-page":"5","volume-title":"Systematic Development","author":"Breu R.","unstructured":"Breu , R. , Burger , K. , Hafner , M. and Popp , G . 2004. Towards a systematic development of secure systems . Systematic Development , pp. 5 -- 13 . Breu, R., Burger, K., Hafner, M. and Popp, G. 2004. Towards a systematic development of secure systems. Systematic Development, pp.5--13."}],"event":{"name":"SAICSIT '08: 2008 Annual Conference of the South African Institute of Computer Scientists and Information Technologists","location":"Wilderness South Africa","acronym":"SAICSIT '08","sponsor":["Microsoft Microsoft"]},"container-title":["Proceedings of the 2008 annual research conference of the South African Institute of Computer Scientists and Information Technologists on IT research in developing countries: riding the wave of technology"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1456659.1456667","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1456659.1456667","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:45:45Z","timestamp":1750250745000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1456659.1456667"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,10,6]]},"references-count":27,"alternative-id":["10.1145\/1456659.1456667","10.1145\/1456659"],"URL":"https:\/\/doi.org\/10.1145\/1456659.1456667","relation":{},"subject":[],"published":{"date-parts":[[2008,10,6]]},"assertion":[{"value":"2008-10-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}