The Secure Design and Development Cybersecurity Capability Maturity Model (SD2-C2M2) provides a browser-based tool that allows hardware and software developers to assess the maturity level of their design and development processes, allows management to determine desired maturity levels in seven domains, and allows developers to monitor process maturity improvements against management goals. The tool can be used by commercial developers as well as internal development organizations. This paper provides an overview of the tool and domains and presents a hypothetical case study in which the tool is used to reduce software buffer overflow attack vulnerabilities by improving the software development process.
Revised: November 21, 2019
Published: April 10, 2019
Citation
Gourisetti S.G., S.R. Mix, M.E. Mylrea, C.A. Bonebrake, and M. Touhiduzzaman. 2019. Secure Design and Development Cybersecurity Capability Maturity Model (SD2-C2M2): Next-Generation Cyber Resilience by Design. In Proceedings of the Northwest Cybersecurity Symposium (NCS 2019), April 8-10, 2019, Richland, WA, Article No. 5. New York, New York: ACM. PNNL-SA-141161. doi:10.1145/3332448.3332461