Improving software security with static automated code analysis in an industry setting

Baca, Dejan; Carlsson, Bengt; Petersen, Kai; Lundberg, Lars

doi:10.1002/spe.2109

Cited by 30 publications

(27 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several studies evaluated static code analysis tools using other test suites or case studies [19][20][21][22]. University of Hamburg in collaboration with the Siemens CERT [19] created a test suite consisting of injected vulnerabilities in otherwise clean code.…”

Section: Related Workmentioning

confidence: 99%

On the capability of static code analysis to detect security vulnerabilities

Goševa-Popstojanova

Perhinschi²

2015

Information and Software Technology

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

On the capability of static code analysis to detect security vulnerabilities

Goševa-Popstojanova

Perhinschi²

2015

Information and Software Technology

View full text Add to dashboard Cite

“…Earlier, the authors have already been involved in conducting security research with the company (cf. [1]). During Cycles 1 to 4 the first researcher's responsibility was to facilitate the risk analysis, while in Cycles 5 and 6 this responsibility was with practitioners, and the researcher acted as an active participant in the risk analysis.…”

Section: Case 1: Development Of Countermeasure Graphsmentioning

confidence: 99%

Action research as a model for industry-academia collaboration in the software engineering context

Petersen

Gencel

Asghari

et al. 2014

Proceedings of the 2014 International Workshop on Long-Term Industrial Collaboration on Software Engineering

Self Cite

View full text Add to dashboard Cite

Background: Action research is a well-established research methodology. It is following a post-positivist research philosophy grounded in critical thinking. The methodology is driven by practical problems, emphasis participatory research, and develops practically useful solutions in an iterative manner. Objective: Two objectives are to be achieved: (1) Understanding the state of the art with respect to action research usage in the software engineering literature, and (2) reflecting and providing recommendations of how to foster industry-academia collaboration through action research. Method: Based on our experience with two action research studies in close collaboration with Ericsson lessons learned and guidelines are presented. Results: In both cases presented action research led to multiple refinements in the interventions implemented. Furthermore, the close collaboration and co-production with the industry was essential to identify and describe the required refinements to provide an in-depth understanding. In comparison with previous studies, we required multiple iterations while previous software engineering studies reported mostly one iteration, or were not explicit regarding the number of iterations studied. Conclusion: We conclude that action research is a powerful tool for industry-academia collaboration. The success of the method highly depends on the researchers and practitioners working in a team. Future studies need to improve the reporting with respect to describing the type of action research used, the iterations, the model of collaboration, and the rationales for changes in each iteration.

show abstract

“…Additionally, there is no specific security role inside FDD [66][67][68]. Of course there are many security methods that been applied in the real world [69][70][71][72][73][74][75][76][77][78][79][80], especially in Malaysia [80] and India [81].There is also discussion and much awareness among IT organizations regarding software security practices [82] and the human factors that could attribute to software security [83].However, there is no specific research regarding the integration of security and FDD.…”

Section: Q3: How Is the Integration Between Security And Fddmentioning

confidence: 99%

A Systematic Literature Review on Secure Software Development using Feature Driven Development (FDD) Agile Model

Arbain¹,

Ghani²,

Jeong

2014

Journal of Korean Society for Internet Information

View full text Add to dashboard Cite

Agile methodologies have gained recognition as efficient development processes through their quick delivery of software, even under time constraints. However, like other agile methods such as Scrum, Extreme Programming (XP) and The Dynamic Systems Development Method (DSDM), Feature Driven Development (FDD) has been criticized due to the unavailability of security elements in its twelve practices. In order to examine this matter more closely, we conducted a systematic literature review (SLR) and studied literature for the years 2001-2012. Our findings highlight that, in its current form, the FDD model partially supports the development of secure software. However, there is little research on this topic, as detailed information about the usage of secure software is rarely published. Thus, we have been able to conclude that the existing five phases of FDD have not been enough to develop secure software until recently. For this reason, security-based phase and practices in FDD need to be proposed.

show abstract

Improving software security with static automated code analysis in an industry setting

Cited by 30 publications

References 25 publications

On the capability of static code analysis to detect security vulnerabilities

On the capability of static code analysis to detect security vulnerabilities

Action research as a model for industry-academia collaboration in the software engineering context

A Systematic Literature Review on Secure Software Development using Feature Driven Development (FDD) Agile Model

Contact Info

Product

Resources

About