Risky trust: risk-based analysis of software systems
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Analysis of systems development project risks: an integrative framework
ACM SIGMIS Database
Most organizations manage computer security risk reactively by investing in technologies designed to protect against known system vulnerabilities and monitor intrusions as they occur. However, firewalls, cryptography, and antivirus protection address the symptoms, not the root cause, of most security problems. Buying and maintaining a firewall, for example, is ineffective if external users can access remotely exploitable Internet-enabled applications through it. Because hackers attack software, improving computer security depends on proactively managing risks associated with software and software development. The current "penetrate and patch" approach of fixing broken software only after it has been compromised is insufficient to control the problem.