Software Security Economics: Theory, in Practice

Neuhaus, Stephan; Plattner, Bernhard

doi:10.1007/978-3-642-39498-0_4

Cited by 7 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These information in the wrong hands may cause lots of damages to the owner of the information. The damages can range from financial ruins, bankruptcy, loss of identity, debts, and more .…”

Section: System and Threat Modelsmentioning

confidence: 99%

Game theoretic modeling of security and trust relationship in cyberspace

Njilla

Pissinou

Makki

2016

Int J Communication

View full text Add to dashboard Cite

Summary Today, online network services have evolved as the highest‐emergent medium, enabling various online activities to be lucrative. However, these lucrative activities also bring new forms of privacy threats to the community. In a reliable e‐business service, users should be able to trust the providers of the service to protect their customers' privacy. The service providers should not risk the personal and private information about their customers in cyberspace. There is an economic gain for a business provider when users trust the service provider. Despite those benefits, cyber security concern is the main reason some large organization may go bankrupted. Unfortunately, attackers may attempt to breach a provider's database and expose customers' private information. Therefore, in this paper, we propose a game theoretic framework for security and trust relationship in cyberspace for users, service providers, and attackers. Mathematical proofs and evaluations support our model. Service providers may use the model to see how important and dissuasive against attackers is when investing in cybersecurity. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

“…These information in the wrong hands may cause lots of damages to the owner of the information. The damages can range from financial ruins, bankruptcy, loss of identity, debts, and more .…”

Section: System and Threat Modelsmentioning

confidence: 99%

Game theoretic modeling of security and trust relationship in cyberspace

Njilla

Pissinou

Makki

2016

Int J Communication

View full text Add to dashboard Cite

show abstract

“…Security investment models have previously been classified into different types [71], to include accounting models [29,40,14], game-theoretic models [18,62], and macroeconomic-focused input/output models [4]. Unfortunately, these standard cybersecurity economic model archetypes are not easily applied to software security [61].…”

Section: Swsec Investment Modelsmentioning

confidence: 99%

A case for the economics of secure software development

Heitzenrater

Simpson

2016

Proceedings of the 2016 New Security Paradigms Workshop

View full text Add to dashboard Cite

Over the past 15 years the topic of information security economics has grown to become a large and diverse field, influencing security thinking on issues as diverse as bitcoin markets and cybersecurity insurance. An aspect yet to receive much attention in this respect is that of secure software development, or 'SWSec'-another area that has seen a surge of research since 2000. SWSec provides paradigms, practices and procedures that offer some promise to address current security problems, yet those solutions face financial and technical barriers that necessitate a more thorough approach to planning and execution. Meanwhile, information security economics has developed theory and practice to support a particular world-view; however, it has yet to account for the investments, constructs and benefits of SWSec. As the frequency and severity of computer misuse has increased, both areas have struggled to impart a new mindset for addressing the inherent issues that arise in a diverse, connected and functionality-driven landscape. This paper presents a call for the establishment of an economics of secure software development. We present the primary challenges facing practice, citing relevant literature from both communities to illustrate where commonalities lie-and where further work is needed. Those challenges are decomposed into a research agenda, deriving from the application of principles in both themes a lack of models, representation and analysis in practice. A framework emerges that facilitates discussions of security theory and practice. CCS Concepts •Security and privacy → Economics of security and privacy; Software security engineering; •Software and its engineering → Software design tradeoffs;

show abstract

“…[12]). Even if focus is limited to accounting models alone, such 'standard' cybersecurity economic models are not easily applied to software security [13].…”

Section: Modelling Swsecmentioning

confidence: 99%

Software Security Investment: The Right Amount of a Good Thing

Heitzenrater

Simpson

2016

2016 IEEE Cybersecurity Development (SecDev)

View full text Add to dashboard Cite

Despite an ever-increasing amount of money and attention devoted to cybersecurity, we continue to see wideranging cybersecurity failures. As security practitioners examine new approaches to combat this trend, a growing community has coalesced around secure software development, or 'SWSec', as a best practice. While this movement has highlighted the role engineering process plays in combating the underlying source of vulnerabilities, it has yet to enjoy wide adoption. Anecdotal evidence points to an inability to demonstrate the return on investment (ROI) as a rationale behind this reluctance, and current information security investment models have failed to account for such expenditures. We seek to build upon such models to reflect SWSec investments, with a view to demonstrating the ROI enjoyed by SWSec practice. We summarise our current research toward these ends and identify the research required to fully reflect SWSec alongside current security investments.

show abstract

Software Security Economics: Theory, in Practice

Cited by 7 publications

References 19 publications

Game theoretic modeling of security and trust relationship in cyberspace

Game theoretic modeling of security and trust relationship in cyberspace

A case for the economics of secure software development

Software Security Investment: The Right Amount of a Good Thing

Contact Info

Product

Resources

About