Iteration in the software process; review of the 3rd International Software Process Workshop
ICSE '87 Proceedings of the 9th international conference on Software Engineering
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Model checking security properties of control flow graphs
Journal of Computer Security
Writing Secure Code
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Software Assurance for Security
Computer
Reducing Software Security Risk through an Integrated Approach
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Extended Description Techniques for Security Engineering
IFIP/Sec '01 Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge
Secure Coding: Principles and Practices
Secure Coding: Principles and Practices
Software Security Checklist for the Software Life Cycle
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
Processes for Producing Secure Software: Summary of US National Cybersecurity Summit Subgroup Report
IEEE Security and Privacy
Misuse and Abuse Cases: Getting Past the Positive
IEEE Security and Privacy
Misuse Cases: Use Cases with Hostile Intent
IEEE Software
IEEE Security and Privacy
Building Secure Software: How to Avoid Security Problems the Right Way (paperback) (Addison-Wesley Professional Computing Series)
| Hi-index | 0.00 |
Software tend to be omnipresent in all modern systems. It often manipulates critical resources which interests pirates and need to be secured. Given the fact that most common software attacks can't be stopped or detected using conventional security mechanisms, malicious intruders try hack into systems by exploiting a software vulnerability. Vulnerabilities result from the use of traditional development processes - not focusing on security concerns - and the lack of necessary knowledge and guidance on how to produce secure software. They include implementation bugs such as buffer overflows and design flaws such as inconsistent error handling. Several efforts are undertaken, to improve secure software engineering, however, developers still miss or misuse acquired knowledge due to domain immaturity, newness of the field, process complexity and absence of environments supporting such development. This paper presents our approach addressing software application security issues through its development process using a strategy oriented process model. The main feature of the proposed process model is that it provides a two level guidance: 1) a strategic guidance helping the developer to choose one among a compilations of the existing methods, standards and best practices and 2) a tactic guidance helping the developer to achieve his selection. This process model is easily extensible and allows building customized processes adapted to the context, the developer's finalities and the product state.