Tailoring Rational Unified Process to Contemplate the SSE-CMM
Keywords:
Software Process, Security Management, SSE-CMM, RUP
Abstract
This paper proposes an extension of the Rational Unified Process (RUP) process framework so that it covers the security practices proposed by the System Security Engineering Capability Maturity Model (SSE-CMM). A comparison of the two process models showed that several process areas proposed by the SSE-CMM are not covered by the RUP. We believe that incorporating security into the RUP, based on the SSE-CMM, is important so that security aspects are considered from the beginning and throughout the whole software development life cycle, thereby avoiding the delivery of software that contains security vulnerabilities. Accordingly, this paper proposes extending the Unified Process by adding a new discipline to the RUP that seeks to satisfy security requirements as described by the SSE-CMM model (standard ISO/IEC 21827), so that security is integrated into all software development phases.