Building secure products and solutions

Gupta, Ashok Kumar; Chandrashekhar, Uma; Sabnis, Suhasini; Bastry, Frank A.

doi:10.1002/bltj.20247

Cited by 10 publications

(6 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our aim is to design the necessary building blocks for a decision aid system that will help administrators and decision makers in their day‐to‐day battle against attackers. We clearly believe that dynamic risk management can be an enabler in the process of designing an information security management system (ISMS) with standard risk management methodologies, such as the Bell Labs Security Framework [10] and International Organization for Standardization (ISO)/International Engineering Consortium (IEC) 27000 series [14]. By focusing on the success likelihood factor in this paper, our work represents a first step towards dynamic risk management for proactive and reactive security.…”

Section: Resultsmentioning

confidence: 99%

Solitary intrascrotal neurofibroma: A case diagnosed on aspiration cytology

Gupta

Singh

et al. 2010

Diagnostic Cytopathology

View full text Add to dashboard Cite

Solitary neurofibroma of the scrotum is exceedingly rare and very few cases of this unusual occurrance have been reported till date. None of the previously reported cases had a preoperative cytologic diagnosis. A young man presented with an eight-month history of right scrotal swelling. Fine-needle aspiration cytology showed a spindle cell tumor with fibrillary matrix and wavy slender nuclei. A cytologic diagnosis of benign nerve sheath tumor was rendered. The patient underwent surgical excision of the mass and histopathologic examination confirmed the diagnosis of a neurofibroma. This case is the first reported instance of aspiration cytologic diagnosis of intrascrotal neurofibroma. This rare tumor should be considered in the cytologic differential diagnoses of testicular and paratesticular tumors.

show abstract

Section: Resultsmentioning

confidence: 99%

Solitary intrascrotal neurofibroma: A case diagnosed on aspiration cytology

Gupta

Singh

et al. 2010

Diagnostic Cytopathology

View full text Add to dashboard Cite

show abstract

“…We have distributed and used these practices to build our assessment framework, which is presented in the next section. [3], [15], [16], [46], [47], [48], [49], [50], [51], [52], [53], [54], [55], [56], [57], [58], [59], [60], [42], [61], [62], [63], [64], [ Use a scheme to classify applications based on data confidentiality 3 [42], [60], [65] 6 Perform design and architecture security risk analysis 15 [58], [61], [65] , [66], [67], [68], [69], [70], [50], [71], [72], [73], [74], [75] 7…”

Section: B Secure Software Design Practicesmentioning

confidence: 99%

“…[56], [54], [67], [74], [76] 8 Security specification review 2 [67], [71] 9 Minimize software attack surface or access points 8 [3], [15], [45], [49], [57], [70], [75] 10 Identify and segregate trusted entities from untrusted entities 8 [3], [46], [55], [58], [67], [70], [71], [77] 11 18 Design security features using diagrams 2 [67], [68] 19 Consider security principles in design 14 [5], [16], [45], [49], [55], [56], [57], [61], [62], [65], [70], [72], [74], [79] 20 Minimize or eliminate unnecessary functionality 3 [67], [71], [ [16], [42], [49], [56], [64], [73], [77], [80]…”

Section: B Secure Software Design Practicesmentioning

confidence: 99%

A Maturity Model for Secure Software Design: A Multivocal Study

et al. 2020

View full text Add to dashboard Cite

Security is one of the most important software quality attributes. Software security is about designing and developing secure software that does not allow the integrity, confidentiality, and availability of its code, data, or service to be compromised. Organizations tend to consider security as an afterthought, and they continue to suffer from security risks. Developing secure software requires taking security into consideration in all phases of the Software Development Life Cycle (SDLC). Several approaches have been developed to improve software quality, such as Capability Maturity Model Integration (CMMI). However, software security issues have not been addressed in a proper manner and incorporating security practices into the SDLC remains a challenge. The objective of this paper is to develop a framework to improve the process of designing secure products in software development organizations. To achieve this objective, a Multivocal Literature Review (MLR) was conducted to identify the relevant studies in both the formal and grey literature. A total of 38 primary studies were identified, and available evidence was synthesized into 8 knowledge areas and 65 best practices to build a Secure Software Design Maturity Model (SSDMM). The framework was developed based on the structure of CMMI v2.0 and evaluated through case studies in real-world environments. The case study results indicate that SSDMM is useful in measuring the maturity level of an organization for the secure design phase of SDLC. SSDMM will assist organizations in evaluating and improving their software design security practices. It will also provide a foundation for researchers to develop new software security approaches.

show abstract

“…E-prescribing takes advantage of technical services, such as databases, local area networks, wide area networks, the Internet, and many technical standards to allow communication between systems. "Security is a continuous, living process for ensuring that people, networks, and information have the necessary protection required by businesses for secure, reliable day-to-day operations" ( Gupta, 2007).…”

Section: Security Concernsmentioning

confidence: 99%