Towards an approach for security risk analysis in COTS based development

Authors:
Dan Wu;Ye Yang
Affiliations:
Center for Software Engineering, University of Southern California, Los Angeles, CA;Center for Software Engineering, University of Southern California, Los Angeles, CA
Venue:
SPW/ProSim'06 Proceedings of the 2006 international conference on Software Process Simulation and Modeling
Year:
2006

Citing 5
Cited 0

A case study in applying a systematic method for COTS selection

Proceedings of the 18th international conference on Software engineering
Software engineering for security: a roadmap

Proceedings of the Conference on The Future of Software Engineering
A Map of Security Risks Associated with Using COTS

Computer
Developing New Processes for COTS-Based Systems

IEEE Software
COCOTS Risk Analyzer

ICCBSS '06 Proceedings of the Fifth International Conference on Commercial-off-the-Shelf (COTS)-Based Software Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

More and more companies tend to use secure products as COTS to develop their secure systems due to resource limitations. The security concerns add more complexity as well as potential risks to COTS selection process, and it is always a great challenge for developers to make the selection decisions. In this paper, we provide a method for security risk analysis in COTS based development (CBD) based on Common Criteria and our previous work in identifying general risk items for CBD. The research result provides useful insights for developers in identifying security risks, so that it can be used to aid for the COTS selection decision.