Secure Software Engineering: Learning from the Past to Address Future Challenges

Authors:
Daniel Hein;Hossein Saiedian
Affiliations:
Garmin International, Inc., Olathe, Kansas, USA;EECS, The University of Kansas, Lawrence, Kansas, USA
Venue:
Information Security Journal: A Global Perspective
Year:
2009

Citing 40
Cited 1

A taxonomy of computer program security flaws

ACM Computing Surveys (CSUR)
Encryption and Secure Computer Networks

ACM Computing Surveys (CSUR)
Token-based scanning of source code for security problems

ACM Transactions on Information and System Security (TISSEC)
Software Assurance for Security

Computer
Software Defect Reduction Top 10 List

Computer
Body of Knowledge for Software Quality Measurement

Computer
Point/Counterpoint

IEEE Software
From the Ground Up: The DIMACS Software Security Workshop

IEEE Security and Privacy
Why Information Security is Hard-An Economic Perspective

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Software vulnerability analysis

Software vulnerability analysis
Why the Future Belongs to the Quants

IEEE Security and Privacy
Exploiting Software: How to Break Code

Exploiting Software: How to Break Code
Processes for Producing Secure Software: Summary of US National Cybersecurity Summit Subgroup Report

IEEE Security and Privacy
Risk Analysis in Software Design

IEEE Security and Privacy
Software Security Testing

IEEE Security and Privacy
Basic Concepts and Taxonomy of Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing
Testing static analysis tools using exploitable buffer overflows from open source code

Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Eliciting security requirements with misuse cases

Requirements Engineering
19 Deadly Sins of Software Security

19 Deadly Sins of Software Security
Rules of thumb for secure software engineering

Proceedings of the 27th international conference on Software engineering
Towards agile security assurance

NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Bridging the Gap between Software Development and Information Security

IEEE Security and Privacy
Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

IEEE Security and Privacy
Will Proposed Standard Make Mobile Phones More Secure?

Computer
Software Security: Building Security In

Software Security: Building Security In
On the Brittleness of Software and the Infeasibility of Security Metrics

IEEE Security and Privacy
Essential Factors for Successful Software Security Awareness Training

IEEE Security and Privacy
ASASI: An Environment for Addressing Software Application Security Issues

ICSNC '06 Proceedings of the International Conference on Systems and Networks Communication
Corporate Computer and Network Security

Corporate Computer and Network Security
Engineering Safety and Security Related Requirements for Software Intensive Systems

ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Empirical and statistical analysis of risk analysis-driven techniques for threat management

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
A Metrics Framework to Drive Application Security Improvement

IEEE Security and Privacy
On the Secure Software Development Process: CLASP and SDL Compared

SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
The Contemporary Software Security Landscape

IEEE Security and Privacy
Security Evaluation for Information Assurance

ICCSA '07 Proceedings of the The 2007 International Conference Computational Science and its Applications
Estimating Software Vulnerabilities

IEEE Security and Privacy
A Call to Action: Look Beyond the Horizon

IEEE Security and Privacy
Software Security

IEEE Security and Privacy
Building Secure Software: How to Avoid Security Problems the Right Way (paperback) (Addison-Wesley Professional Computing Series)

Building Secure Software: How to Avoid Security Problems the Right Way (paperback) (Addison-Wesley Professional Computing Series)
Security vulnerabilities in software systems: a quantitative perspective

DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security

A Tool Support for Secure Software Integration

International Journal of Secure Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper provides a taxonomy of secure software systems engineering (SSE) by surveying and organizing relevant SSE research and presents current trends in SSE, on-going challenges, and models for reasoning about threats and vulnerabilities. Several challenging questions related to risk assessment/mitigation (e.g., “what is the likelihood of attack”) as well as practical questions (e.g., “where do vulnerabilities originate” and “how can vulnerabilities be prevented”) are addressed.