Evolution of Security Engineering Artifacts

Felderer, Michael; Katt, Basel; Kalb, Philipp; Jürjens, Jan; Ochoa, Martín; Paci, Federica; Tran, Le Minh Sang; Tun, Thein Than; Yskout, Koen; Scandariato, Riccardo; Piessens, Frank; Vanoverberghe, Dries; Fourneret, Elizabeta; Gander, Matthias; Solhaug, Bjørnar; Breu, Ruth

doi:10.4018/978-1-4666-8473-7.ch074

Cited by 1 publication

(1 citation statement)

References 155 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, due to ever changing surroundings, new business needs, new regulations, and new technologies, a software system must evolve, or it becomes progressively less satisfactory [1,2]. This makes it especially challenging to keep software systems permanently secure as changes either in the system itself or in its environment may cause new threats and vulnerabilities [3]. Thus, methods that guarantee security taking permanent change into account are of high importance.…”

Section: Introductionmentioning

confidence: 99%

A systematic classification of security regression testing approaches

Felderer

Fourneret

2015

Int J Softw Tools Technol Transfer

Self Cite

View full text Add to dashboard Cite

The openness of modern IT systems and their permanent change make it challenging to keep these systems secure. A combination of regression and security testing called security regression testing, which ensures that changes made to a system do not harm its security, are therefore of high significance and the interest in such approaches has steadily increased. In this article we present a systematic classification of available security regression testing approaches based on a solid study of background and related work to sketch which parts of the research area seem to be well understood and evaluated, and which ones require further research. For this purpose we extract approaches relevant to security regression testing from computer science digital libraries based on a rigorous search and selection strategy. Then, we provide a classification of these according to security regression approach criteria: abstraction level, security issue, regression testing techniques, and tool support, as well as evaluation criteria, for instance evaluated system, maturity of the system, and evaluation measures. From the resulting classification we derive observations with regard to the abstraction level, regression testing techniques, tool support as well as evaluation, and finally identify several potential directions of future research.

show abstract

Section: Introductionmentioning

confidence: 99%