Access Restriction
Open

Author Ardi, Shanai ♦ Byers, David ♦ Shahmehri, Nahid
Source CiteSeerX
Content type Text
File Format PDF
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Structured Approach ♦ Add-on Security Software ♦ Specific Activity Combine ♦ Structured Unified Process ♦ Software Vulnerability ♦ Penetrate-and-patch Maintenance ♦ Key Element ♦ Security Need ♦ Vulnerability Cause ♦ Detailed Understanding ♦ Security Activity Graph ♦ Software Lifecycle ♦ Software Development Process ♦ Vulnerability Cause Graph ♦ Security Activity ♦ Software Security ♦ Penetration Testing
Description Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and-patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires a structured approach combining a detailed understanding of what causes vulnerabilities, and how specific activities combine to prevent them. In this paper we introduce key elements of the approach we are taking: vulnerability cause graphs, which encode information about vulnerability causes, and security activity graphs, which encode information about security activities. We discuss how these can be applied to design software development processes (or changes to processes) that eliminate software vulnerabilities.
Educational Role Student ♦ Teacher
Age Range above 22 years
Educational Use Research
Education Level UG and PG ♦ Career/Technical Study
Learning Resource Type Article
Publisher Date 2006-01-01
Publisher Institution Proceedings of the ICSE 2006 workshop on Software Engineering for Secure Systems (SESS06)