Case Study: RUP Customization Failures Leading to Poor Software Security

B.L. Arkin and J. Steven (USA)


Keywords: Security, Rational Unified Process, Software Engineering, Project Management


Although the Rational Unified Process (RUP) provides a mature model for software development, customizing it appropriately still involves a great deal of risk. A case study is presented illustrating a flawed RUP adoption that fails to meet two of the six best practice areas specified by RUP. These process failures lead to the introduction of serious software security vulnerabilities into the application under development. The RUP customization is successfully modified to meet all best practice areas and prevent the final delivery of a vulnerable product. This is accomplished with minimal impact on the project structure (i.e., without creating additional workflows or artifacts) through the introduction of an additional role.
