Research on software security awareness

Banerjee, C.; Pandey, S. K.

doi:10.1145/1838687.1838701

Cited by 9 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Perceived behavioral control (Lack of awareness) User's carelessness together with a lack of knowledge in differentiating between spoofed and genuine websites leads users to fall victims to such attacks (Zhang, Ren, & Jiang, 2016). In this respect, lack of awareness of phishing is a major factor for most compromises (Banerjee, & Pandey, 2010;Gupta, Arachchilage, & Psannis, 2018). Subsequently, the user's inability to differentiate between a genuine email and a phishing email from the words contained in the subject and body of an email, respectively, will generally contribute to the reasons why humans fall for spear phishing attacks (Hong, 2012).…”

Section: User Vulnerabilities In Spear Phishingmentioning

confidence: 99%

Evaluating user vulnerabilities vs phisher skills in spear phishing

Nicho¹,

Fakhry²,

Egbue³

2018

IJCSIS

View full text Add to dashboard Cite

Spear phishing emails pose great danger to employees of organizations due to the inherent weakness of the employees in identifying the threat from spear phishing cues, as well as the spear phisher's skill in crafting contextually convincing emails. This raises the main question of which construct (user vulnerabilities or phisher skills) has a greater influence on the vulnerable user. Researchers have provided enough evidence of user vulnerabilities, namely the desire for monetary gain, curiosity of the computer user, carelessness on the part of the user, the trust placed in the purported sender by the user, and a lack of awareness on the part of the computer user. However, there is a lack of research on the magnitude of each of these factors in influencing an unsuspecting user to fall for a phishing or spear phishing attack which we explored in this paper. While user vulnerabilities pose major risk, the effect of the spear phisher's ability in skillfully crafting convincing emails (using fear appeals, urgency of action, and email contextualization) to trap even skillful IT security personnel is an area that needs to be explored. Therefore, we explored the relationships between the two major constructs namely 'user vulnerabilities' and 'email contextualization', through the theory of planned behavior with the objective to find out the major factors that lead to computer users biting the phishers' bait. In this theoretical version of the paper, we provided the resulting two constructs that needed to be tested.

show abstract

Section: User Vulnerabilities In Spear Phishingmentioning

confidence: 99%

Evaluating user vulnerabilities vs phisher skills in spear phishing

Nicho¹,

Fakhry²,

Egbue³

2018

IJCSIS

View full text Add to dashboard Cite

show abstract

“…Additionally, there is no specific security role inside FDD [66][67][68]. Of course there are many security methods that been applied in the real world [69][70][71][72][73][74][75][76][77][78][79][80], especially in Malaysia [80] and India [81].There is also discussion and much awareness among IT organizations regarding software security practices [82] and the human factors that could attribute to software security [83].However, there is no specific research regarding the integration of security and FDD.…”

Section: Q3: How Is the Integration Between Security And Fddmentioning

confidence: 99%

A Systematic Literature Review on Secure Software Development using Feature Driven Development (FDD) Agile Model

Arbain¹,

Ghani²,

Jeong

2014

Journal of Korean Society for Internet Information

View full text Add to dashboard Cite

Agile methodologies have gained recognition as efficient development processes through their quick delivery of software, even under time constraints. However, like other agile methods such as Scrum, Extreme Programming (XP) and The Dynamic Systems Development Method (DSDM), Feature Driven Development (FDD) has been criticized due to the unavailability of security elements in its twelve practices. In order to examine this matter more closely, we conducted a systematic literature review (SLR) and studied literature for the years 2001-2012. Our findings highlight that, in its current form, the FDD model partially supports the development of secure software. However, there is little research on this topic, as detailed information about the usage of secure software is rarely published. Thus, we have been able to conclude that the existing five phases of FDD have not been enough to develop secure software until recently. For this reason, security-based phase and practices in FDD need to be proposed.

show abstract

“…Other programming activities, such as producing functions and data structures, can be automated, or assisted by AI. It also highlights software security rules [ 1 ], standards, policies, protocols, and some awareness [ 2 ] mechanisms. It focuses on embedding intelligence into methodologies designed to solve diverse software engineering jobs to achieve high efficacy and efficiency [ 4 , 8 ].…”

mentioning

confidence: 99%