Software research and development security capability dynamic evaluation and promotion method and system

Abstract

The invention discloses a software research and development security capability dynamic evaluation and promotion method and system. The method comprises the following steps: performing software research and development based on a software security research and development platform with a full life cycle management architecture, wherein a research and development task management tool and a plurality of types of safety test tools which are in communication connection with the software safety research and development platform through data interfaces are integrated in the software safety researchand development platform; dynamically acquiring security vulnerability information and task allocation information by the software security research and development platform; dynamically counting thetask allocation information of any research and development personnel to evaluate the research and development safety capability of the research and development personnel; when the research and development safety capability of the research and development personnel is lower than a set target, pushing orientation capability improvement data. By means of the method, the research and development safety capacity of each individual in a research and development team can be subjected to differentiated evaluation and targeted improvement, repeated capacity improvement training on unnecessary personnel is avoided, and the research and development safety capacity of research and development personnel and the training efficiency of enterprises are effectively improved.

Description

technical field [0001] The present invention relates to the technical field of software research and development security capability evaluation, in particular to a method and system for dynamically evaluating and improving software research and development security capability. Background technique [0002] At present, the core issue in the field of application security lies in the R&D process. For R&D security, technical personnel in the field have gradually reached a consensus that the full lifecycle management of software security should be implemented. However, in the process of software security lifecycle management, there is no automated solution for the assessment and improvement of R&D security capabilities, and more security awareness training for the entire R&D team. However, only relying on security awareness training cannot improve the security R&D capabilities of the R&D team, nor can it analyze the security R&D capabilities of each R&D personnel in a targeted ma...

AI Technical Summary

Problems solved by technology

However, in the process of software security lifecycle management, there is no automated solution for the assessment and improvement of R&D security capabilities, and more security awareness training for the entire R&D team

However, only relying on security awareness training cannot improve the security R&D capabilities of the R&D team, nor can it analyze the security R&D capabilities of each R&D personnel in a targeted manner. In this way, each training may affect different R&D personnel bring different effects, such as: for some groups of people, it is repeated training, but for other groups of people, the training may not be strong enough, or the training content is too much to be well grasped

Images