SecurITyCerts dot Org

       Navigating Security Certifications

CISSP Acronym Edge: CISSP Study & Review Guide December 2016+


Domain 8: Software Development Security

We don’t just sit down and start writing code anymore! We follow a Software Development Life Cycle (SDLC) which begins with planning.

Get a PDF of The CISSP Acronym Edge: CISSP Study & Review Guide -  signup below & I'll send it to you.

CMM – Capability Maturity Model. A model, developed at Carnegie Mellon's Software Engineering Institute (SEI), aimed at improving software process and quality. CMM rates an organization at one of 5 maturity levels:

• Level One, Initial: processes are ad hoc, often described as “chaotic”; success depends on individual effort.
• Level Two, Repeatable: basic project management is in place, so earlier successes on similar projects can be repeated.
• Level Three, Defined: a standard software process for both engineering and management is documented, and all projects use an approved, tailored version of it.
• Level Four, Managed: adds detailed, quantitative metrics on process and product quality (CMMI calls this level Quantitatively Managed).
• Level Five, Optimizing: focused on continual process improvement driven by those metrics.

CMMI – Capability Maturity Model Integration. The SEI's successor to CMM, which it replaced. It keeps the same 5 levels but renames level two to Managed and level four to Quantitatively Managed.

SDLC – Software Development Life Cycle. Rather than simply sitting down and starting to write code (historically common, and still seen today), software development should follow a lifecycle that begins with planning and requirements and ends with retirement of the system. The exam point for this domain is that security must be designed in at each phase rather than bolted on at the end.

It also stands for Synchronous Data Link Control, an old IBM mainframe technology.

RAD – Rapid Application Development. An iterative approach that emphasizes prototyping and quick user feedback over lengthy up-front design.

XP – eXtreme Programming, an Agile development method built around short iterations, pair programming, and test-first development.

CASE tools – Computer Aided Software Engineering tools. Software that supports the design, modeling, and generation of code and documentation during development.

IDE – Integrated Development Environment. A development environment that provides an integrated workspace which commonly includes source code control, debugging, and compiling.

DevOps – The concept, practice, and philosophy that development and operations are integrated; code is developed with the operational environment in mind.

SDL – Security Development Lifecycle. An SDLC with security activities (threat modeling, secure coding standards, security testing, and incident response planning) built into each phase.

MS SDL – Microsoft Security Development Lifecycle. Microsoft is the name most closely associated with SDL. Their approach, as described here, is a set of 16 practices grouped into seven phases: training, requirements, design, implementation, verification, release, and response.

SD3+C – Secure by Design, Secure by Default, Secure in Deployment, and Communications. A centerpiece of MS SDL: build security in, ship with the safe configuration enabled, support secure installation and maintenance, and communicate openly with users about vulnerabilities and fixes.

RPC – Remote Procedure Call. A mechanism that lets a program invoke a procedure in another process or on another host as if it were a local call; client and server stubs marshal the arguments and results across the network. Because an RPC endpoint accepts requests from the network, which procedures it exposes, and to whom, is a security decision.

ORB – Object Request Broker. A middleware service, commonly implemented as one server process per machine, that takes object references and resolves them to the actual object regardless of where it resides in the network, then routes method invocations to it.
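The following is an added example, not code from the study guide or from any CORBA or ORB vendor. It models in one process what the RPC and ORB entries above describe: a client stub marshals a call into bytes, a registry (standing in for the ORB) resolves an opaque object reference to a local object, and a server stub invokes the method and marshals the reply. The object name "calc/1", the Calculator class, and the JSON wire format are all assumptions made for the example; the security point it shows is that the server dispatches only to methods that were explicitly exported, so a request for an internal method such as `_reset` is refused rather than reached through reflection.

```python
"""Minimal in-process model of an RPC call routed through an ORB-style registry."""
import json


class RpcError(Exception):
    """Raised on the server side when a request cannot be honored."""


class Calculator:
    """Sample server object (constructed for this example)."""

    def add(self, a, b):
        return a + b

    def divide(self, a, b):
        return a / b

    def _reset(self):
        # Internal maintenance method; must never be callable over the wire.
        return "internal state cleared"


class Registry:
    """ORB-like directory: an opaque object reference resolves to a local
    object plus the explicit set of methods that may be invoked remotely."""

    def __init__(self):
        self._objects = {}

    def export(self, ref, obj, methods):
        self._objects[ref] = (obj, frozenset(methods))

    def resolve(self, ref):
        try:
            return self._objects[ref]
        except KeyError:
            raise RpcError(f"unknown object reference: {ref!r}")


def marshal_request(ref, method, args):
    """Client stub: serialize the call into bytes that could cross a network."""
    return json.dumps({"ref": ref, "method": method, "args": list(args)}).encode()


def unmarshal_request(wire):
    """Server stub, inbound side: parse and shape-check before trusting any field."""
    try:
        msg = json.loads(wire.decode())
    except (UnicodeDecodeError, ValueError):
        raise RpcError("malformed request")
    if not isinstance(msg, dict) or set(msg) != {"ref", "method", "args"}:
        raise RpcError("malformed request")
    if not isinstance(msg["method"], str) or not isinstance(msg["args"], list):
        raise RpcError("malformed request")
    return msg


def dispatch(registry, wire):
    """Server stub: resolve the reference, enforce the export list, invoke, reply."""
    try:
        msg = unmarshal_request(wire)
        obj, allowed = registry.resolve(msg["ref"])
        # Allowlist check happens before getattr: the method name from the
        # network never selects an attribute the owner did not export.
        if msg["method"] not in allowed:
            raise RpcError(f"method not exported: {msg['method']!r}")
        result = getattr(obj, msg["method"])(*msg["args"])
        reply = {"ok": True, "result": result}
    except RpcError as exc:
        reply = {"ok": False, "error": str(exc)}
    except Exception as exc:
        # Report only the exception type; no traceback or internal detail leaks.
        reply = {"ok": False, "error": f"call failed: {type(exc).__name__}"}
    return json.dumps(reply).encode()


def call(registry, ref, method, *args):
    """Client proxy round trip, minus the socket: raises RpcError on any failure."""
    reply = json.loads(dispatch(registry, marshal_request(ref, method, args)).decode())
    if not reply["ok"]:
        raise RpcError(reply["error"])
    return reply["result"]


def build_registry():
    """Export one Calculator under a hypothetical reference with two public methods."""
    reg = Registry()
    reg.export("calc/1", Calculator(), methods=["add", "divide"])
    return reg


if __name__ == "__main__":
    reg = build_registry()
    print("2 + 3 =", call(reg, "calc/1", "add", 2, 3))
    for bad in [("calc/1", "_reset"), ("calc/9", "add", 1, 1), ("calc/1", "divide", 1, 0)]:
        try:
            call(reg, *bad)
        except RpcError as exc:
            print("rejected:", exc)
```

Real ORBs and RPC frameworks add interface definitions, transport security, and authentication on top of this; the part worth carrying into any of them is that the exported surface is declared by the server owner, not discovered from whatever the request names.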

CORBA – Common Object Request Broker Architecture. An industry standard for ORBs from the OMG (below). The early 1.x versions did not specify a wire protocol, so CORBA-compliant ORB implementations from different vendors such as IBM, Sun, and HP simply did not interoperate; CORBA 2.0 added the General Inter-ORB Protocol (GIOP) and its TCP/IP mapping, IIOP, to fix that.

OMG – Object Management Group. A standards consortium, originally based in Framingham, Mass., that took the object-oriented approach very seriously and developed CORBA. It still exists and maintains other widely used standards such as UML and BPMN.

COM/DCOM – Component Object Model/Distributed Component Object Model. A Microsoft proprietary technology similar in purpose to CORBA. It was well engineered, and Microsoft licensed DCOM to third parties who ported it to Unix platforms, but web protocols (HTTP and XML-based web services) took over for distributed computing.

QA – Quality Assurance. Testing by a dedicated team to verify that the software meets its specification before release; counted here as a type of dynamic application testing, since the running code is exercised.

UAT – User Acceptance Testing. The final round of dynamic application testing, performed by the end users or customer, to confirm the system meets its requirements before it is accepted into production.
