Secure Software Engineering: Learning from the Past to Address Future Challenges

Hein, Daniel; Saiedian, Hossein

doi:10.1080/19393550802623206

Cited by 21 publications

(21 citation statements)

References 38 publications

(64 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The sigmoidal growth model cannot, however, explain the impact of such security engineering practices upon the post-release growth of security vulnerabilities. In other words, historical analysis with postmortem variables cannot explain what happened before the software product entered a given market (Hein and Saiedian, 2009). This is another limitation for practical applications.…”

Section: Applicationsmentioning

confidence: 98%

See 1 more Smart Citation

The sigmoidal growth of operating system security vulnerabilities: An empirical revisit

Ruohonen

Hyrynsalmi

Leppänen

2015

Computers & Security

View full text Add to dashboard Cite

Section: Applicationsmentioning

confidence: 98%

“…By assumption, the overall reliability and, hence, security are both bounded and increasing functions of time. Second, the model operates in the post-release context, using a so-called postmortem variable (Hein and Saiedian, 2009) to evaluate the trends during the servicing stage in Fig. 1.…”

Section: 3mentioning

confidence: 99%

The sigmoidal growth of operating system security vulnerabilities: An empirical revisit

Ruohonen

Hyrynsalmi

Leppänen

2015

Computers & Security

View full text Add to dashboard Cite

“…The treatment of security threats in the earlier phases of system development reduces overall development cost because of the absence of a variety of vulnerabilities. These security improvements also indirectly translate into operational cost savings because less time and money are wasted recovering from attacks enabled by software security vulnerabilities .…”

Section: Introductionmentioning

confidence: 99%

“…P. BEDI ET AL. cost savings because less time and money are wasted recovering from attacks enabled by software security vulnerabilities [4].The proposed model is three-phased. Identification of threats is the function of the first phase.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Threat‐oriented security framework in risk management using multiagent system

et al. 2012

View full text Add to dashboard Cite

SUMMARYPresent day sophisticated and innovative attacks have resulted in exponentially increasing security problems. This paper therefore presents a three‐phased threat‐oriented security model to meet the above security challenges as a part of proactive risk management. This model is based on a spiral process for software development because it is a risk driven approach and provides an incremental method for a progressively growing system with decreasing risk. Integration of threat management during the development process in the proposed work provides necessary security cover against both unforeseen and known threats. Identification of these threats has been made possible by fusion of a threat modeling process and research honeytokens in conjunction with a statistical model in the first phase. Necessary security measures to mitigate the above identified threats have been adopted in the second phase using multiagent system planning. Risk reduction as a result of adoption of countermeasures has been evaluated in the third phase using meta‐agents in association with fuzzy logic in a multiagent environment. The proposed proactive measures of this model have been demonstrated with a case study on ‘Online Banking’ to show its feasibility and has been implemented using Java Agent Development Environment, Apache Tomcat Server, with MySQL Server at the backend. Copyright © 2012 John Wiley & Sons, Ltd.

show abstract

Maturity model for secure software testing

Alam

Mahmood

Alshayeb

et al. 2023

J Software Evolu Process

View full text Add to dashboard Cite

Security is an essential attribute of high‐quality software. However, effectively incorporating security practices into different phases of the software development life cycle (SDLC) remains challenging. Owing to less mature secure testing processes, organizations are prone to ineffective testing practices for defect detection, including severe security‐related failures. Thus, in this study, we present a maturity model for secure software testing (MMSST) to assist software development organizations in improving the secure testing of software applications. We conducted a multivocal literature review and identified 68 primary studies from the formal and gray literature. Then, based on the available evidence, 27 process areas were identified to develop the proposed MMSST. The MMSST includes five main categories: governance, contrive and design, execution, deployment and configuration, and mature. The MMSST was subsequently evaluated using case studies related to practical environments. Results demonstrate that the proposed MMSST is useful for estimating the maturity level of an organization with respect to the secure testing phase of the SDLC. The participants of the case studies also agreed that the proposed MMSST is useful in terms of structure, user satisfaction, and ease of use. We believe that the proposed MMSST can help organizations evaluate and improve software security testing practices. In addition, the proposed MMSST is expected to provide researchers and industry practitioners with an effective foundation for developing new secure testing approaches and tools.

show abstract

Secure Software Engineering: Learning from the Past to Address Future Challenges

Cited by 21 publications

References 38 publications

The sigmoidal growth of operating system security vulnerabilities: An empirical revisit

The sigmoidal growth of operating system security vulnerabilities: An empirical revisit

Threat‐oriented security framework in risk management using multiagent system

Maturity model for secure software testing

Contact Info

Product

Resources

About