Towards a structured unified process for software security

Authors:
Shanai Ardi;David Byers;Nahid Shahmehri
Affiliations:
Linköpings Universitet, Linköping, Sweden;Linköpings Universitet, Linköping, Sweden;Linköpings Universitet, Linköping, Sweden
Venue:
Proceedings of the 2006 international workshop on Software engineering for secure systems
Year:
2006

Citing 12
Cited 4

Cleanroom Process Model

IEEE Software
A taxonomy of computer program security flaws

ACM Computing Surveys (CSUR)
The unified software development process

The unified software development process
Extreme programming explained: embrace change

Extreme programming explained: embrace change
Writing Secure Code

Writing Secure Code
A Practical Guide to Feature-Driven Development

A Practical Guide to Feature-Driven Development
Embracing Change with Extreme Programming

Computer
The Shellcoder's Handbook: Discovering and Exploiting Security Holes

The Shellcoder's Handbook: Discovering and Exploiting Security Holes
Exploiting Software: How to Break Code

Exploiting Software: How to Break Code
Building More Secure Software with Improved Development Processes

IEEE Security and Privacy
The Trustworthy Computing Security Development Lifecycle

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Software Security

IEEE Security and Privacy

Introduction to software engineering for secure systems: SESS06 -- secure by design

Proceedings of the 2006 international workshop on Software engineering for secure systems
Unified modeling of attacks, vulnerabilities and security activities

Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Quality factors in development best practices for mobile applications

ICCSA'12 Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part IV
OSDC: adapting ODC for developing more secure software

Proceedings of the 28th Annual ACM Symposium on Applied Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires structured approach combining a detailed understanding on what causes vulnerabilities, and how specific activities combine to prevent them.In this paper we introduce key elements of the approach we are taking: vulnerability cause graphs, which encode information about vulnerability causes, and security activity graphs, which encode information about security activities. We discuss how these can be applied to design software development processes (or changes to processes) that eliminate software vulnerabilities.