2009 International Conference on Availability, Reliability and Security Prioritisation and Selection of Software Security Activities Fukuoka Institute of Technology, Fukuoka, Japan March 16-March 19 ISBN: 978-0-7695-3564-7
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2009.52
Software security is accomplished by introducing security-related activities into the software development process or by altering existing activities so that security is taken into account. Since the importance of software security has only relatively recently received the recognition it deserves, security is not ingrained into the development processes in common use today. A variety of approaches to software security have been proposed, but they rarely support developers in determining which security activities are appropriate for them and which they should choose to implement. An exception to this rule is the Sustainable Software Security Process (S3P). This paper describes the final step of the S3P, which helps developers estimate the cost of security-related activities and select the combination of security activities that best suits their needs. This is accomplished by applying the Analytic Hierarchy Process and an automated search heuristic, scatter search, to the models created as part of the S3P.
Index Terms:
Software security, software engineering, software process improvement, analytic hierarchy process
Citation:
David Byers, Nahid Shahmehri, "Prioritisation and Selection of Software Security Activities," ares, pp.201-207, 2009 International Conference on Availability, Reliability and Security, 2009 Usage of this product signifies your acceptance of the Terms of Use. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb