SODA

- a Security-Oriented Software Development Framework

Security must be an inherent property of software and other technical systems. The greatest challenge is to weave security into the complete software development lifecycle: planning, requirements, design, implementation, testing, deployment, maintenance and further development. In this project, a framework called SODA (a Security-Oriented Software Development Framework) is developed, which enables a conscious security focus throughout the entire development process.

The life cycle of a software product can be divided into three major phases:

  • Development – The program is created, extended or modified.
  • Deployment – The program is made ready for real use (installed, configured and introduced).
  • Operation – The program is in everyday use and needs maintenance and inspection.

(Figure: SODA wheels)

The main focus of SODA is the development phase, which can be split into the following sub-phases:

  • Requirements – What is to be made and how should it be used.
  • Design – Which solutions are chosen to fulfil the requirements.
  • Implementation – The program is constructed (coded) based on the design.
  • Testing – Verification of the program with respect to the requirements.

For each of these phases, SODA defines a set of suitable, complementary techniques or methods for improving robustness and reducing the number of security flaws in the software. Risk management is the central component throughout the whole process; it identifies which of the methods should be used and to what extent.

The SODA project wishes to cooperate with developers and software companies in order to test, measure and improve the methodology for security awareness in software development.

Much of the work started in SODA is continued in the EU FP7 STREP SHIELDS.


Published April 16, 2008