DOI: 10.1109/SERVICES.2010.37
Article

Security Engineering Approach to Support Software Security

Published: 05 July 2010

Abstract

As information security and privacy become increasingly important to organizations, the demand grows for software development processes that assure information integrity, availability, and confidentiality. Unfortunately, despite the investments made in process improvement, there is still no guarantee that the developed software products are protected from attacks or do not present security vulnerabilities. As soon as software products continue to present security flaws and be compromised by attacks, the Systems Security Engineering – Capability Maturity Model (SSE-CMM) becomes the de facto model to structure a software security approach. Moreover, security best practices, practical experience or international standards, like ISO/IEC 15408, should also be considered to support security engineering as they propose activities that can be adapted to enhance security in a software development process and contribute towards the overall software security. This paper proposes a security engineering approach to support software security through a specialized process that helps develop more secure software, entitled Process to Support Software Security (PSSS). In addition, one of PSSS’s subprocesses, Model Security Threat, is explained in detail. This paper also presents the results of the case study when the PSSS was first applied in a software development project as well as the preliminary results of a large project implementation.

Cited By

  • (2020) Attack and System Modeling Applied to IoT, Cloud, and Mobile Ecosystems. ACM Computing Surveys 53:2 (1-32). DOI: 10.1145/3376123. Online publication date: 20-Mar-2020
  • (2016) Closing the Barn Door. Proceedings of the 21st Western Canadian Conference on Computing Education (1-15). DOI: 10.1145/2910925.2910938. Online publication date: 6-May-2016
  • (2015) Approaches to promote product quality within software process improvement initiatives. Journal of Systems and Software 103:C (150-166). DOI: 10.1016/j.jss.2015.01.057. Online publication date: 1-May-2015
    Published In

    SERVICES '10: Proceedings of the 2010 6th World Congress on Services
    July 2010
    693 pages
    ISBN:9780769541297

    Publisher

    IEEE Computer Society

    United States

    Author Tags

    1. Information Security
    2. Process to Support Software Security
    3. Security Engineering
    4. Software Security
