Software security metric identification framework (SSM)
Proceedings of the International Conference on Advances in Computing, Communication and Control
Impact of inheritance on vulnerability propagation at design phase
ACM SIGSOFT Software Engineering Notes
Research on software design level security vulnerabilities
ACM SIGSOFT Software Engineering Notes
Software Fault Feature Clustering Algorithm Based on Sequence Pattern
WISM '09 Proceedings of the International Conference on Web Information Systems and Mining
OSDC: adapting ODC for developing more secure software
Proceedings of the 28th Annual ACM Symposium on Applied Computing
| Hi-index | 0.00 |
This paper attempts to introduce a method for developing secure software based on the vulnerabilities which are already known. In the proposed method, the most prevalent vulnerabilities are selected. For each vulnerability its location of appearance within the software development process, as well as methods of mitigation through design-level or implementation-level activities is discussed. Mapping vulnerabilities to design and implementation within software development process not only results to a better understanding of vulnerability emergence, but also allows countermeasures to be applied during initial steps of vulnerability creation, and thus better software security.This mapping shows that choosing a suitable programming language and enforcing the least privileges are the most vital design time decisions. Also, security code review and server side input validation are implementation-level activities assumed to cover most of the vulnerabilities.