This paper provides a taxonomy of secure software systems engineering (SSE) by surveying and organizing relevant SSE research, and presents current trends in SSE, ongoing challenges, and models for reasoning about threats and vulnerabilities. It addresses several challenging questions related to risk assessment and mitigation (e.g., “what is the likelihood of attack”) as well as practical questions (e.g., “where do vulnerabilities originate” and “how can vulnerabilities be prevented”).