
Informatsionnye Tekhnologii i Vychislitel'nye Sistemy, 2025 Issue 3, Pages 123–132 (Mi itvs916)

DATA PROCESSING AND ANALYSIS

Comprehensive integration of security practices into the software development lifecycle

A. V. Blinov^a, S. V. Bezzateev^{a,b}

a St. Petersburg National Research University of Information Technologies, Mechanics and Optics, Saint-Petersburg, Russia
b Saint-Petersburg State University of Aerospace Instrumentation, Saint-Petersburg, Russia

Abstract: The article analyzes modern approaches to software security, such as “shift left”, “zero trust” and “security gates”. The authors systematize the methods and means of protection, carry out a comparative analysis of their effectiveness, and propose ways to apply them in an integrated manner at different stages of the software life cycle. The study includes an analysis of modern scientific publications and recommendations in the field of information security, as well as the popular views and limitations of each approach. A role model, its structure, and potential scenarios for its application in the development of individual projects are provided. The capabilities of static and dynamic code analysis tools, supply chain protection, and access control in DevSecOps processes are considered. As a result of the analysis, the main problems were identified, research was conducted, and recommendations for improving existing practice were proposed.

Keywords: information security, software development, security control, role-based models, vulnerabilities, security analysis, static code analysis, dynamic testing, access management, reliable systems.

DOI: 10.14357/20718632250311


