A Case-based Management System for Secure Software Development Using Software Security Knowledge

Saito, Masahito; Hazeyama, Atsuo; Yoshioka, Nobukazu; Kobashi, Takanori; Washizaki, Hironori; Kaiya, Haruhiko; Ohkubo, Takao

doi:10.1016/j.procs.2015.08.155

Cited by 9 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…where 0 ≤α ≤ 1 and 0 ≤β≤ 1. Such that, ɳα(Loij)= (Miij-Loij).α+Loij (5) ɳα(Upij)=Upij-(Upij-Miij).α (6) Where α and β in these equations are used for the preferences of experts and intolerance of experts respectively. The values of α and β vary between 0 and 1.…”

Section: Methodsmentioning

confidence: 99%

“…Then, In (8) symbol I signify the unitary matrix. By applying equations (1)(2)(3)(4)(5)(6)(7)(8), the weights of every attribute with respect to all other attributes may be attained. For checking the consistency and continuing the AHP process, check the consistency ratio (CR) [31].…”

Section: C1mentioning

confidence: 99%

“…Software security is a term used to describe security during the whole development procedure of software. To enhance the security of any software, it is imperative to ensure that the software engineers are equipped with the necessary information and mandatory skills for the development of secure software [5]. Only with this elemental knowledge can the software engineers tackle security attacks and deal with security errors in a correct manner.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Ontology-based context-sensitive software security knowledge management modeling

Alenezi¹

2020

IJECE

View full text Add to dashboard Cite

The disconcerting increase in the number of security attacks on software calls for an imminent need for including secure development practices within the software development life cycle. The software security management system has received considerable attention lately and various efforts have been made in this direction. However, security is usually only considered in the early stages of the development of software. Thus, this leads to stating other vulnerabilities from a security perspective. Moreover, despite the abundance of security knowledge available online and in books, the systems that are being developed are seldom sufficiently secure. In this paper, we have highlighted the need for including application context sensitive modeling within a case-based software security management system. Furthermore, we have taken the context-driven and ontology-based frameworks and prioritized their attributes according to their weights which were achieved by using the Fuzzy AHP methodology.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: C1mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Ontology-based context-sensitive software security knowledge management modeling

Alenezi¹

2020

IJECE

View full text Add to dashboard Cite

show abstract

“…Here, E e numerator and denominator for each of the words in the "Effort-Change" equation are taken from the developer's responses to the respective standards above and assigned a numeric value accordingly. We have selected COCOMO because it is well established and nonproprietary [25].…”

Section: Major Items Of Costmentioning

confidence: 99%

Cost Benefit Analysis of Incorporating Security and Evaluation of Its Effects on Various Phases of Agile Software Development

Kumar¹,

Kaur²,

Jolly³

et al. 2021

Mathematical Problems in Engineering

View full text Add to dashboard Cite

This article addresses the costs and benefits of integrating security into the development of applications and gives formulas for calculating security costs and benefits. The lack of safe application might lead to safety issues. Increasingly, there are accidents recorded that expose security flaws in many major software systems. It results in significant losses for consumer companies. While software businesses are working to produce secure software, the utility of secure software is quite limited. In contrast to the traditional manufacturers of commodities, for example, automakers, software developers have no legal responsibility if their products include flaws. The market reacts adversely to software manufacturers with serious vulnerabilities in their products. This is because of the loss of credibility, cost of patches, and so on. The study shows that the market is ready to penalize the supplier for insecurity and therefore offers the chance to deliver safer technologies. To improve cost/efficiency, the vulnerabilities are connected by accessible fixes. Significant savings are gained when security shortcomings are corrected during designing requirements instead of fixing security failures after deploying software. For suppliers, updates are more expensive to produce and publish. In addition, development costs can be reduced by plugging security issues in the early stages of development.

show abstract

“…Furthermore, the increase in malicious activities targeting software products and software security weaknesses has become a significant problem for the software development process. Likewise, it is necessary to address security issues from the beginning of the software development life cycle (and in each phase) instead of facing them by creating patches when the software is in the production phase [2]- [4]; therefore, a comprehensive model is needed to adapt security activities to the software development process [6]. The secure software development process comprises software requirements security, software design security, software construction security, and software testing security.…”

Section: Introductionmentioning

confidence: 99%

Systematic Mapping of the Literature on Secure Software Development

2021

View full text Add to dashboard Cite

The accelerated growth in exploiting vulnerabilities due to errors or failures in the software development process is a latent concern in the Software Industry. In this sense, this study aims to provide an overview of the Secure Software Development trends to help identify topics that have been extensively studied and those that still need to be. Therefore, in this paper, a systematic mapping review with PICo search strategies was conducted. A total of 867 papers were identified, of which only 528 papers were selected for this review. The main findings correspond to the Software Requirements Security, where the Elicitation and Misuse Cases reported more frequently. In Software Design Security, recurring themes are security in component-based software development, threat model, and security patterns. In the Software Construction Security, the most frequent topics are static code analysis and vulnerability detection. Finally, in Software Testing Security, the most frequent topics are vulnerability scanning and penetration testing. In conclusion, there is a diversity of methodologies, models, and tools with specific objectives in each secure software development stage.

show abstract

A Case-based Management System for Secure Software Development Using Software Security Knowledge

Cited by 9 publications

References 5 publications

Ontology-based context-sensitive software security knowledge management modeling

Ontology-based context-sensitive software security knowledge management modeling

Cost Benefit Analysis of Incorporating Security and Evaluation of Its Effects on Various Phases of Agile Software Development

Systematic Mapping of the Literature on Secure Software Development

Contact Info

Product

Resources

About