Purpose – Most software development processes still do not provide appropriate support for the development of secure systems. Rational Unified Process (RUP) is a well-known software engineering process that provides a disciplined approach to assigning tasks and responsibilities; however, it has little support for the development of secure systems. This work aims to present a proposal of RUP for the development of secure systems.
Design/methodology/approach – To obtain the proposed RUP, the authors consider security as a knowledge area (discipline) and define workflow, activities and roles according to the process engineering architecture Unified Method Architecture (UMA). A software development was used to assess the extended RUP qualitatively.
Findings – Based on the development, the authors find that the proposed process produces security requirements in a more systematic way and results in the definition of a better system architecture.
Research limitations/implications – The proposed extension requires specific adaptation if other development processes, such as agile and waterfall processes, are employed.
Practical implications – The extension facilitates the management of execution and control of the activities and tasks related to security, and development teams can benefit by constructing better-quality software.
Originality/value – The originality of the paper is the proposal of an extension to RUP in order to consider security in a disciplined and organized way.
International Journal of Web Information Systems – Emerald Publishing
Published: Dec 20, 2007
Keywords: Software engineering; Computer software; Design and development