System and method for measuring and enforcing security policy compliance for software during the development process of the software
First Claim
1. A computer program product for managing compliance to security policy for software being developed, wherein the security policy is set and comprises one or more security requirements and the software is required to comply with the security policy, the computer program product including a computer-readable storage medium encoded with program logic for allowing the following computer-executable steps to occur:
(a) measuring compliance to the security policy by the software being developed, wherein measuring compliance includes checking for digital signatures, computer viruses, or trojan horses;
wherein the security policy enables security requirements for design, development, and quality assurance of the software being developed;
(b) creating a scorecard of the measured compliance of the software being developed to the one or more security requirements of the security policy in step (a); and
(c) using the scorecard created in step (b) to enforce the security policy by ensuring that the software being developed meets a predetermined level of compliance as measured by the scorecard including verifying compliance criteria for digital signatures, computer viruses, or trojan horses.
Abstract
A method, computer program product, and apparatus for managing compliance to security policy by measuring it and enforcing security policy compliance based on the measurement for software under development.
7 Claims
Specification