Secure Software Engineering: Learning from the Past to Address Future Challenges
Information Security Journal: A Global Perspective
| Hi-index | 0.01 |
Security is an emergent property of a software system. Several efforts are undertaken, to improve software security. However, developers still miss or misuse acquired knowledge. This is mainly due to domain immaturity, newness of the field, process complexity and absence of environments supporting such development. This paper presents our environment denoted ASASI for Addressing Software Application Security Issues. The main feature of the proposed environment is that it is based on a strategy oriented process model that provides a two level guidance. The first level guidance is strategic helping developers choosing one among compilations of the existing methods, standards and best practices. The second level guidance is tactical helping developers achieving their selection for producing secure software. The supported process model is easily extensible and allows building customized processes adapted to context, developer's finalities and product state. This flexibility allows the environment evolving through time to support new security requirements. Keywords-environment;