liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Design of a Process for Software Security
Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
2007 (English)In: Second International Conference on Availability, Reliability and Security, 2007, IEEE Computer Society, 2007, 301-309 p.Conference paper, Published paper (Refereed)
Abstract [en]

Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and-patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires structured approach combining a detailed understanding on what causes vulnerabilities, and how to prevent them. In this paper we present a process for software security that is based on vulnerability cause graphs, a formalism we have developed for modeling the causes of software vulnerabilities. The purpose of the software security process is to evolve the software development process so that vulnerabilities are prevented. The process we present differs from most current approaches to software security in its high degree of adaptability and in its ability to evolve in step with changing threats and risks. This paper focuses on how to apply the process and the criteria that have influenced the process design

Place, publisher, year, edition, pages
IEEE Computer Society, 2007. 301-309 p.
Keyword [en]
Software security, software process improvement
National Category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-37683DOI: 10.1109/ARES.2007.67ISI: 000246485700037Local ID: 37345ISBN: 978-0-7695-2775-8 (print)ISBN: 0-7695-2775-2 (print)OAI: oai:DiVA.org:liu-37683DiVA: diva2:258532
Conference
Second International Conference on Availability, Reliability and Security (ARES 2007), 10-13 April 2007, Vienna, Austria
Available from: 2009-10-10 Created: 2009-10-10 Last updated: 2014-06-24

Open Access in DiVA

No full text

Other links

Publisher's full text

Authority records BETA

Byers, DavidShahmehri, Nahid

Search in DiVA

By author/editor
Byers, DavidShahmehri, Nahid
By organisation
The Institute of TechnologyDatabase and information techniques
Computer Science

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 142 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf