企业应用软件开发安全体系的构建  被引量：5

作　　者：王伟萌 刘承亮 朱韦桥 苏伦 WANG Weimeng;LIU Chengliang;ZHU Weiqiao;SU Lun(Institute of Computing Technologies,China Academy of Railway Sciences Corporation Limited,Beijing 100081,China)

机构地区：[1]中国铁道科学研究院集团有限公司电子计算技术研究所,北京100081

出　　处：《铁路计算机应用》2021年第2期58-62,67,共6页Railway Computer Application

基　　金：中国铁路总公司科技研究开发计划课题(J2018S001)。

摘　　要：针对企业应用软件设计与开发过程中所需考虑的安全性问题,构建一套企业内部适用的应用软件开发安全体系。通过剖析企业应用软件常见漏洞防护技术,依照应用软件开发生命周期流程,从设计安全、编码安全、过程管理安全等方面重新梳理、补充企业应用软件开发安全体系的框架。考虑体系框架下对应安全要求,为了方便指导应用软件设计人员、代码开发人员提高应用软件安全能力,补充提出了包含技术要求的企业应用软件开发安全体系。企业应用软件开发安全体系的构建能够帮助减少软件自身缺陷,防止企业应用软件安全漏洞被黑客利用,从而避免可能导致的严重甚至是灾难性后果。Aiming at the security problems that need to be considered in the process of enterprise application software design and development,this paper constructed a set of application software development security system suitable for enterprise.This paper analyzed the common vulnerability protection technologies of enterprise application software,according to the application software development life cycle process,reorganized and supplemented the framework of enterprise application software development security system from theaspects of design security,coding security,and process management security.Considering the corresponding security requirements under the framework of the system,in order to facilitate the guidance of application software designers and code developers,and improve the security capability of application software,the paper proposed a security system of enterprise application software development including technical requirements.The construction of enterprise application software development security system can help to reduce the software defects,prevent enterprise application software security vulnerabilities from being exploited by hackers,so as to avoid the possible serious or even catastrophic consequences.

关 键 词：信息安全 应用安全 应用软件 安全开发体系 安全漏洞 

分 类 号：U29[交通运输工程—交通运输规划与管理] TP39[交通运输工程—道路与铁道工程]