Development of Web‐based e‐commerce systems has posed challenges in different dimensions of the software development process including design, maintenance and performance. Non‐functional requirements such as performance added to the system as an after thought would lead to extremely high cost and undesirable effects. Security, rarely regarded in the past as one of the non‐functional requirements, has to be integrated into the software development process due to its impact on e‐commerce systems. In this paper, a design methodology based on systems security engineering capability maturity model (SSE‐CMM) is proposed to specify design details for the three defined processes: risk, engineering and assurance. By means of an object‐oriented security design pattern, security design covering impact, threats, risks and countermeasures for different parts of an e‐commerce system can be examined systematically in the risk process. The proposed software development process for secured systems (SDPSS), representing the engineering process, consists of four steps: object and collaboration modeling, tier identification, component identification and deployment specification. Selected unified modeling language notations and diagrams are used to support the SDPSS. Using a simplified supply‐chain e‐commerce system as an example, integration of security design into the software development process is shown with discussions of possible security assurance activities that can be performed on a design.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.