The Community for Technology Leaders
2012 Seventh International Conference on Availability, Reliability and Security (2007)
Vienna, Austria
Apr. 10, 2007 to Apr. 13, 2007
ISBN: 0-7695-2775-2
pp: 301-309
Nahid Shahmehri , Linkopings universitet, SE-58183 Linkoping, Sweden
David Byers , Linkopings universitet, SE-58183 Linkoping, Sweden
ABSTRACT
<p>Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and-patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires structured approach combining a detailed understanding on what causes vulnerabilities, and how to prevent them.</p> <p>In this paper we present a process for software security that is based on vulnerability cause graphs, a formalism we have developed for modeling the causes of software vulnerabilities. The purpose of the software security process is to evolve the software development process so that vulnerabilities are prevented. The process we present differs from most current approaches to software security in its high degree of adaptability and in its ability to evolve in step with changing threats and risks. This paper focuses on how to apply the process and the criteria that have influenced the process design.</p>
INDEX TERMS
null
CITATION
Nahid Shahmehri, David Byers, "Design of a Process for Software Security", 2012 Seventh International Conference on Availability, Reliability and Security, vol. 00, no. , pp. 301-309, 2007, doi:10.1109/ARES.2007.67
77 ms
(Ver 3.3 (11022016))