IEEE Software
A taxonomy of computer program security flaws
ACM Computing Surveys (CSUR)
The unified software development process
The unified software development process
Extreme programming explained: embrace change
Extreme programming explained: embrace change
Writing Secure Code
A Practical Guide to Feature-Driven Development
A Practical Guide to Feature-Driven Development
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
Building More Secure Software with Improved Development Processes
IEEE Security and Privacy
The Trustworthy Computing Security Development Lifecycle
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
IEEE Security and Privacy
Introduction to software engineering for secure systems: SESS06 -- secure by design
Proceedings of the 2006 international workshop on Software engineering for secure systems
Unified modeling of attacks, vulnerabilities and security activities
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Quality factors in development best practices for mobile applications
ICCSA'12 Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part IV
OSDC: adapting ODC for developing more secure software
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Hi-index | 0.00 |
Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires structured approach combining a detailed understanding on what causes vulnerabilities, and how specific activities combine to prevent them.In this paper we introduce key elements of the approach we are taking: vulnerability cause graphs, which encode information about vulnerability causes, and security activity graphs, which encode information about security activities. We discuss how these can be applied to design software development processes (or changes to processes) that eliminate software vulnerabilities.