Evaluation of Engineering Approaches in the Secure Software Development Life Cycle

Busch, Marianne; Koch, Nora; Wirsing, Martin

doi:10.1007/978-3-319-07452-8_10

Cited by 5 publications

(4 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, it is necessary to consider security aspects from the early phases of development. The first phase should identify the software security requirements and lay the foundation with high-level requirement models to continue developing secure software in the next phases [5].…”

Section: Rq2: What Are the Most Prominent Activities And What Methodmentioning

confidence: 99%

“…The secure software development process comprises software requirements security, software design security, software construction security, and software testing security. This process aims to enrich security requirements, use threat models methodologies during software design, and apply best security practices for coding, code reviews, and tests [5].…”

Section: Introductionmentioning

confidence: 99%

“…To increase the security level of software products, this process should be continuously updated [5], [7]; hence, studies showing the trends in methodologies, notations, tools, and techniques are required.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Systematic Mapping of the Literature on Secure Software Development

2021

View full text Add to dashboard Cite

The accelerated growth in exploiting vulnerabilities due to errors or failures in the software development process is a latent concern in the Software Industry. In this sense, this study aims to provide an overview of the Secure Software Development trends to help identify topics that have been extensively studied and those that still need to be. Therefore, in this paper, a systematic mapping review with PICo search strategies was conducted. A total of 867 papers were identified, of which only 528 papers were selected for this review. The main findings correspond to the Software Requirements Security, where the Elicitation and Misuse Cases reported more frequently. In Software Design Security, recurring themes are security in component-based software development, threat model, and security patterns. In the Software Construction Security, the most frequent topics are static code analysis and vulnerability detection. Finally, in Software Testing Security, the most frequent topics are vulnerability scanning and penetration testing. In conclusion, there is a diversity of methodologies, models, and tools with specific objectives in each secure software development stage.

show abstract

Section: Rq2: What Are the Most Prominent Activities And What Methodmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Systematic Mapping of the Literature on Secure Software Development

2021

View full text Add to dashboard Cite

show abstract

“…NESSoS, through the construction of its CBK, aims to set up a long-term research community on secure services and systems technology, bringing together researchers and professionals from the fields of security, computing and software technology (Beckers and Heisel, 2013). Based on NESSoS CBK, researchers (Busch et al , 2014a; Busch et al , 2014b) created SecEval, which is an assessment framework for secure systems technology. Further, SecWAO, an ontology based on SecEval, for secure online applications was published (Busch and Wirsing, 2015).…”

Section: Related Workmentioning

confidence: 99%

Developing and validating a common body of knowledge for information privacy

Lavranou

Tsohou

2019

ICS

View full text Add to dashboard Cite

Purpose This paper aims to present a common body of knowledge (CBK) for the field of information privacy, titled InfoPrivacy CBK. The purpose of the proposed CBK is to guide internet users to better understand the concept of information privacy and associate information privacy-related concepts. The InfoPrivacy CBK was created with an educational orientation to provide the basis for designing privacy awareness and training programs and organizing relevant educational material. Design/methodology/approach The proposed CBK for information privacy was developed conceptually and includes five domains and four levels of analysis. It is illustrated with conceptual maps. The authors identified a variety of concepts related to information privacy and created a set of categories to categorize the concepts. They used, as inclusion criteria, both theoretical and practical information privacy aspects, so that the developed CBK can address the challenges of modern technologies for preserving information privacy. Findings To validate and refine the conceptually developed CBK, the authors conducted an empirical research, in which seven information privacy experts participated. The experts commented largely positively for the structure and content of InfoPrivacy CBK, as well as for the extent to which it achieves the intended educational goals. Research limitations/implications The proposed InfoPrivacy CBK was validated by a limited number of information privacy experts, mainly due to the lengthy and in-depth participation that was required. Practical implications The InfoPrivacy CBK can be used primarily by privacy awareness and training programs developers, such as organizations, data protection officers, the state, educational policy makers and teachers. Social implications Internet users will benefit from InfoPrivacy CBK by acquiring knowledge and skills from theoretically grounded training programs, which can enhance their awareness and critical thinking on issues related to the protection of their information privacy. This will lead to more privacy-aware online societies, communities, networks, etc. Originality/value This work intends to bridge the existing gap in the literature through the creation of a novel CBK for information privacy; information privacy is a field for which no such research effort has been recorded. This paper offers important knowledge in the field of information privacy, which could be useful to both technological education designers and learners (students, employees, etc.).

show abstract

Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities

Nafees

Coull

Ferguson

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The transfer of cybersecurity domain knowledge from security experts ('Ethical Hackers') to software engineers is discussed in terms of desirability and feasibility. Possible mechanisms for the transfer are critically examined. Software engineering methodologies do not make use of security domain knowledge in its form of vulnerability databases (e.g. CWE, CVE, Exploit DB), which are therefore not appropriate for this purpose. An approach based upon the improved use of pattern languages that encompasses security domain knowledge is proposed.

show abstract

Evaluation of Engineering Approaches in the Secure Software Development Life Cycle

Cited by 5 publications

References 15 publications

Systematic Mapping of the Literature on Secure Software Development

Systematic Mapping of the Literature on Secure Software Development

Developing and validating a common body of knowledge for information privacy

Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities

Contact Info

Product

Resources

About