Software security metric identification framework (SSM)
Proceedings of the International Conference on Advances in Computing, Communication and Control
Security testing: mind the knowledge gap
ACM SIGCSE Bulletin
ASIDE: IDE support for web application security
Proceedings of the 27th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Security has become a necessary part of nearly every software development project, as the overall risk from malicious users is constantly increasing, due to increased consequences of failure, security threats and exposure to threats. There are few projects today where software security can be ignored. Despite this, security is still rarely taken into account throughout the entire software lifecycle; security is often an afterthought, bolted on late in development, with little thought to what threats and exposures exist. Little thought is given to maintaining security in the face of evolving threats and exposures. Software developers are usually not security experts. However, there are methods and tools available today that can help developers build more secure software. Security modeling, modeling of e.g. threats and vulnerabilities, is one such method that, when integrated in the software development process, can help developers prevent security problems in software. We discuss these issues, and present how modeling tools, vulnerability repositories and development tools can be connected to provide support for secure software development.