A Framework for Identifying Software Vulnerabilities within SDLC Phases

Keywords: Software vulnerability, Common Criteria (CC), Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), secure software

Abstract: With the rapid development of software and its growing complexity, the need to secure it has taken on new aspects. As software becomes more complex and more widely accessed, new techniques are created to attack it, gain access to it, or manipulate its data. A new approach to detecting software vulnerabilities is therefore essential. Various studies have shown that considering security only in the late phases of software development and testing in order to mitigate software vulnerabilities is time-consuming and complex, and probably cannot provide security completely. Security must therefore be taken into account from the early phases of software development. In this paper, we propose a framework for identifying software vulnerabilities. The framework uses the Common Criteria standard (ISO/IEC 15408) and CVE (Common Vulnerabilities and Exposures) to identify software vulnerabilities in every phase of the software development life cycle. As a result, the process of secure software development will be improved, and software with fewer vulnerabilities will be produced.