Software security checklist for the software life cycle

Gilliam, D.P.; Wolfe, Traci; Sherif, Joseph S.; Bishop, Matt

doi:10.1109/enabl.2003.1231415

Cited by 40 publications

(24 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The traditional way of dealing with security was to employ the protection mechanisms after the developmental stages of an Information System [4]. As a result, most of the research work in Information and Computer/Network Security is based on the detailed study of complex protocols or of complex systems and also given the fact that the genesis of the security holes is often backtracked to failures associated with such complex protocols and complex systems.…”

Section: Introductionmentioning

confidence: 99%

Metric for Evaluating Availability of an Information System : A Quantitative Approach Based on Component Dependency

Mir¹,

S.M.K.²

2017

IJNSA

View full text Add to dashboard Cite

show abstract

Section: Introductionmentioning

confidence: 99%

Metric for Evaluating Availability of an Information System : A Quantitative Approach Based on Component Dependency

Mir¹,

S.M.K.²

2017

IJNSA

View full text Add to dashboard Cite

show abstract

“…A well-established scale against which we can measure the level of security a software system exhibit is still a great challenge for the research community. Traditionally security is treated as an afterthought, in which the protection mechanisms employed after the development stages of the software [1]. To evaluate the software system for security is one of the most critical aspects of security which got attention lately.…”

Section: Introductionmentioning

confidence: 99%

Analysis and Evaluating Security of Component-Based Software Development: A Security Metrics Framework

Mir¹,

Quadri²

2012

IJCNIS

View full text Add to dashboard Cite

-Evaluating the security of software systems is a complex problem for the research communities due to the multifaceted and complex operational environment of the system involved. Many efforts towards the secure system development methodologies like secSDLC by Microsoft have been made but the measurement scale on which the security can be measured got least success. As with a shift in the nature of software development from standalone applications to distributed environment where there are a number of potential adversaries and threats present, security has been outlined and incorporated at the architectural level of the system and so is the need to evaluate and measure the level of security achieved . In this paper we present a framework for security evaluation at the design and architectural phase of the system development. We have outlined the security objectives based on the security requirements of the system and analyzed the behavior of various software architectures styles.As the component-based development (CBD) is an important and widely used model to develop new large scale software due to various benefits like increased reuse, reduce time to market and cost. Our emphasis is on CBD and we have proposed a framework for the security evaluation of Component based software design and derived the security metrics for the main three pillars of security, confidentiality, integrity and availability based on the component composition, dependency and inter component data/information flow.The proposed framework and derived metrics are flexible enough, in way that the system developer can modify the metrics according to the situation and are applicable both at the development phases and as well as after development.

show abstract

“…In the literature survey, a Software Security Checklist has been developed that builds the software security assessment instrument. It focuses on the software security checklist to ensure that all the security aspects have been included during the software development process [6]. A process has been developed that enables the developers to identify, analyze and finalize the security requirements by the means of software security components.…”

Section: Introductionmentioning

confidence: 99%

Software Security Requirements Gathering Instrument

Jain¹,

Ingle²

2011

IJACSA

View full text Add to dashboard Cite

-Security breaches are largely caused by the vulnerable software. Since individuals and organizations mostly depend on softwares, it is important to produce in secured manner. The first step towards producing secured software is through gathering security requirements. This paper describes Software Security Requirements Gathering Instrument (SSRGI) that helps gather security requirements from the various stakeholders. This will guide the developers to gather security requirements along with the functional requirements and further incorporate security during other phases of software development. We subsequently present case studies that describe the integration of the SSRGI instrument with Software Requirements Specification (SRS) document as specified in standard IEEE 830-1998. Proposed SSRGI will support the software developers in gathering security requirements in detail during requirements gathering phase.

show abstract

Software security checklist for the software life cycle

Abstract: Abstract

Cited by 40 publications

References 4 publications

Metric for Evaluating Availability of an Information System : A Quantitative Approach Based on Component Dependency

Metric for Evaluating Availability of an Information System : A Quantitative Approach Based on Component Dependency

Analysis and Evaluating Security of Component-Based Software Development: A Security Metrics Framework

Software Security Requirements Gathering Instrument

Contact Info

Product

Resources

About