Security in Development: The IBM Secure Engineering Framework

This IBM Redguide describes IBM's approach to secure engineering practices for software products.

Jim Whitmore (, Lead Architect for Secure Engineering, IBM

Jim Whitmore is a Software Engineer at IBM and an Open Group Certified Lead Architect. He is currently responsible for advanced technology projects in the areas of Information Protection and Secure Cloud Computing. During his 25 years at IBM, Jim has led both networking and security-focused design and integration projects for clients in the government and industry sectors. In 2007 he was awarded a patent for a Security Design Methodology. Jim has been published in IBM Redbooks and the IBM Systems Journal. He holds a BS in 20 Security in Development: The IBM Secure Engineering Framework Electrical Engineering and an MS in Telecommunications Management. Jim is a senior member of both the IEEE and the ACM.

Timothy Hahn, Distinguished Engineer, Chief Architect for Enterprise Tools, IBM

Tim Hahn is a Distinguished Engineer at IBM and has been with IBM for 21 years. He is the Chief Architect for Enterprise Modernization Tools within the IBM Software Group's Rational organization. He is responsible for strategy, architecture, and design for Rational enterprise modernization products, which bring innovative and vibrant technology to meet the needs of a diverse user community focused on enterprise modernization, multiplatform application development, and getting the greatest value possible from the tools they use. Tim previously worked in the IBM Software Group's Tivoli organization as the Chief Architect for Secure Systems and Networks, working on security product strategy, architecture, design, and development. He has worked on a variety of products in the past, including lead architecture, design, and development for the IBM Encryption Key Manager and the IBM z/OS Security Server LDAP Server. Tim's expertise is multifaceted, including application development tools and techniques, software security, directory services, and IBM System z systems. He has published numerous articles about the use of Rational and Tivoli security products in end-to-end deployment environments and is a co-author of two books: e-Directories: Enterprise Software, Solutions, and Services and Mainframe Basics for Security Professionals.

Andras Szakal (, Distinguished Engineer , IBM

Andras Szakal is an IBM Distinguished Engineer and the Chief Software IT Architect for the Federal Software Group. Mr. Szakal holds an undergraduate degree in Biology and Computer Science and a Masters in Computer Science from James Madison University.

Axel Buecker (, ITSO Project Manager, IBM

Axel Buecker is a Certified Consulting Software IT Specialist at the International Technical Support Organization, Austin Center. He writes extensively and teaches IBM classes worldwide on areas of Software Security Architecture and Network Computing Technologies. He holds a degree in Computer Science from the University of Bremen, Germany. He has 23 years of experience in a variety of areas related to Workstation and Systems Management, Network Computing, and e-business Solutions. Before joining the ITSO in March 2000, Axel worked for IBM in Germany as a Senior IT Specialist in Software Security Architecture.

15 August 2012

This IBM Redguide describes IBM's approach to secure engineering practices for software products.

About this Redguide

Security in Development: The IBM Secure Engineering Framework, an IBM Redguide™, looks at software product delivery from an end-to-end perspective and discusses key security practices for each phase of software development. These key security practices are summarized in the IBM Secure Engineering Framework.

The Secure Engineering Framework (SEF) is intended to help ensure that software is secure by design, secure in implementation, and secure in deployment, and its practices are grouped into the following practice areas:

  • Education and awareness
  • Project planning
  • Risk assessment and threat modeling
  • Security requirements
  • Secure coding
  • Test and vulnerability assessment
  • Security documentation
  • Incident response management
SummaryTitle=Security in Development: The IBM Secure Engineering Framework