An automatic approach to aid process integration within a secure software processes family

Authors:
Jia-kuan Ma;Ya-sha Wang;Lei Shi;Hong Mei
Affiliations:
Key Laboratory of High Confidence Software Technologies, Ministry of Education School of Electronics Engineering and Computer Science, Peking University, Beijing, China;Key Laboratory of High Confidence Software Technologies, Ministry of Education School of Electronics Engineering and Computer Science, Peking University, Beijing, China;Key Laboratory of High Confidence Software Technologies, Ministry of Education School of Electronics Engineering and Computer Science, Peking University, Beijing, China;Key Laboratory of High Confidence Software Technologies, Ministry of Education School of Electronics Engineering and Computer Science, Peking University, Beijing, China
Venue:
ICSP'10 Proceedings of the 2010 international conference on New modeling concepts for today's software processes: software process
Year:
2010

Citing 11
Cited 0

Process patterns: building large-scale systems using object technology

Process patterns: building large-scale systems using object technology
Product families and process families

ISPW '96 Proceedings of the 10th International Software Process Workshop
Adopting a Software Security Improvement Program

IEEE Security and Privacy
Process Patterns for Software Systems In-house Integration and Merge Experiences from Industry

EUROMICRO '05 Proceedings of the 31st EUROMICRO Conference on Software Engineering and Advanced Applications
Software Security: Building Security In

Software Security: Building Security In
Extending XP practices to support security requirements engineering

Proceedings of the 2006 international workshop on Software engineering for secure systems
The Security Development Lifecycle

The Security Development Lifecycle
Design of a Process for Software Security

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
A Process Pattern Language for Agile Methods

APSEC '07 Proceedings of the 14th Asia-Pacific Software Engineering Conference
On the secure software development process: CLASP, SDL and Touchpoints compared

Information and Software Technology
Representing process variation with a process family

ICSP'07 Proceedings of the 2007 international conference on Software process

Quantified Score

Hi-index	0.00

Visualization

Abstract

Defining secure processes is an important means for assuring software security. A wealth of dedicated secure processes has emerged in these years. These processes are similar to some extent, while differ from one another in detail. Conceptually, they can be further regarded as a so called "Process Family". In order to integrate practices from different family members, and further improve efficiency and effectiveness compared to using a single process, in this paper we propose an automatic approach to implement the integration of the three forefront secure processes, namely, CLASP, SDL and Touchpoints. Moreover, we select a module from an e-government project in China, and conduct an exploratory experiment to compare our approach with cases when one single secure process is employed. The empirical result confirms the positive effects of our approach.