Secure software engineering: Evaluation of emerging trends

Mohammad, Adel Hamdan; Alqatawna, Ja'far; Abushariah, Mohammad A. M.

doi:10.1109/icitech.2017.8079952

Cited by 12 publications

(6 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Adel Mohammad et al evaluated three security top approaches McGraw's Touchpoints, Comprehensive Lightweight Application Security Process (CLASP) from Open Web Application Security Project (OWASP) organization, and Microsoft Security Development Lifecycle (SDL) with their process commonality, strengths, limitations and recognized cost, time and Lack of security knowledge are the reasons for security is not considered in software development. They suggested Adaptive Risk Framework and Automated Tool to enhance security activities within all SDLC phases and to consider security from the beginning of the project to the end [4].Anuradha Sharma et al compared existing 8 security techniques in the view of advantages and disadvantages for secure SDLC. All the techniques emphasized in design phase [5].…”

Section: Motivation Towards Sa-sdlc Using Sps Methodologymentioning

confidence: 99%

Development of IoT Health Monitor System using Security Patterns

Aruna¹,

Reddy²,

Sunitha³

2020

IJEAT

View full text Add to dashboard Cite

Context: The most important non-functional requirement of the software application is the security. Developing Secure Software is a challenging Process. Software vulnerabilities and defects may disclose by developers, users, hackers due to Software-intensive systems get connected more and more in every day’s lives. A better way to develop secure software is, enhance security processes in all the phases in SDLC. To enhance security in SDLC process required lots of mechanisms and systematic measures to assess the security during the development process. Objective: In this paper, we propose a method “Security aware-Software Development Life Cycle (Sa-SDLC) using Security Patterns”. We also measure our security efforts in SDLC. This method fills the insecurity gaps from root level to top level in Granular style approach. Our method is suggestible for security critical applications such as Medical, Finance, Legacy and Communication (Messaging like email) Systems. Results: we successfully implemented our approach on remote health monitor since IoT devices are convenient in everyday life, these devices are using in home, environment, healthcare due to its feasible networking, storage and process features etc. In IoT health care applications, security of the sensitive data is paramount since humans are part of the IoT platform. IoTs heterogeneous network connectivity and expected growth, opens many new threats and attacks which impacts on life of a patient. Conclusion: Hence, our proposed methodology is implemented on Security Essential IoT based health care application and measures shows our method is improved software security

show abstract

Section: Motivation Towards Sa-sdlc Using Sps Methodologymentioning

confidence: 99%

Development of IoT Health Monitor System using Security Patterns

Aruna¹,

Reddy²,

Sunitha³

2020

IJEAT

View full text Add to dashboard Cite

show abstract

“…Here, C [e] defines the exploit component; N [sb] represents the number of securities [18] with bugs; N [nsb] is the number of nonsecurity bugs; B [pd] is the percentage of bugs discovered; B [pe] represents the percentage of bugs exploited; and T [c] is the total cost and can be computed as follows:…”

Section: Npvmentioning

confidence: 99%

Cost Benefit Analysis of Incorporating Security and Evaluation of Its Effects on Various Phases of Agile Software Development

Kumar¹,

Kaur²,

Jolly³

et al. 2021

Mathematical Problems in Engineering

View full text Add to dashboard Cite

This article addresses the costs and benefits of integrating security into the development of applications and gives formulas for calculating security costs and benefits. The lack of safe application might lead to safety issues. Increasingly, there are accidents recorded that expose security flaws in many major software systems. It results in significant losses for consumer companies. While software businesses are working to produce secure software, the utility of secure software is quite limited. In contrast to the traditional manufacturers of commodities, for example, automakers, software developers have no legal responsibility if their products include flaws. The market reacts adversely to software manufacturers with serious vulnerabilities in their products. This is because of the loss of credibility, cost of patches, and so on. The study shows that the market is ready to penalize the supplier for insecurity and therefore offers the chance to deliver safer technologies. To improve cost/efficiency, the vulnerabilities are connected by accessible fixes. Significant savings are gained when security shortcomings are corrected during designing requirements instead of fixing security failures after deploying software. For suppliers, updates are more expensive to produce and publish. In addition, development costs can be reduced by plugging security issues in the early stages of development.

show abstract

“…Los sistemas expertos cobran importancia y utilidad en aquellos dominios en los que resulta difícil y costoso disponer de expertos humanos para realizar consultas de manera personal, ilimitada e instantánea (Gupta & Singhal, 2013). Las compañías de desarrollo de software generalmente no cuentan con expertos en seguridad entre sus miembros (Mohammad, Alqatawna, & Abushariah, 2017), por lo que KE-SER puede ser de gran valor.…”

Section: Ke-ser: Conocimiento Y Experienciaunclassified

“…Existen varios enfoques que así lo proponen, como ser: Software Assurance Maturity Model (SAMM, 2019) de la organización Open Web Application Security Project (OWASP, 2019), Touchpoints de McGraw (MacGraw, 2006) y Security Development Lifecycle (SDL, 2019) de Microsoft, entre otros. Análisis comparativos de algunos de estos enfoques, o, en el caso de SAAM de su predecesor, pueden encontrarse en los trabajos de: De Win, Scandariato, Buyens, Grégoire, & Joosen (2009) y Mohammad, Alqatawna, & Abushariah (2017).…”

Section: Introductionunclassified

“…Sin embargo, las compañías de desarrollo de software no suelen contemplar la seguridad en el SDLC debido a que consideran que es muy costosa, que requiere de mucho tiempo y que no están suficientemente capacitadas para su realización, ya que, generalmente, no cuentan con expertos en seguridad entre sus miembros (Mohammad, Alqatawna, & Abushariah, 2017). En este contexto surge la motivación que da origen a la propuesta presentada en este trabajo.…”

Section: Introductionunclassified

See 1 more Smart Citation