A Cause-Based Approach to Preventing Software Vulnerabilities
2008 (English)In: Third International Conference on Availability, Reliability and Security, 2008, IEEE Computer Society, 2008, 276-283 p.Conference paper (Refereed)
Security is often an afterthought in software development, sometimes even bolted on during deployment or in maintenance through add-on security software and penetrate-and-patch maintenance. We think that security needs to be an integral part of software development and that preventing vulnerabilities by addressing their causes is as important as detecting and fixing them. In this paper we present a method for determining how to prevent vulnerabilities from being introduced during software development. Our method allows developers to select the set of activities that suits them best while being assured that those activities will prevent vulnerabilities. Our method is based on formal modeling of vulnerability causes and is independent of the software development process being used.
Place, publisher, year, edition, pages
IEEE Computer Society, 2008. 276-283 p.
Security modeling, Software security, software process improvement
IdentifiersURN: urn:nbn:se:liu:diva-40110DOI: 10.1109/ARES.2008.12ISI: 000256665200037Local ID: 52272ISBN: 978-0-7695-3102-1OAI: oai:DiVA.org:liu-40110DiVA: diva2:260959
Third International Conference on Availability, Reliability and Security (ARES 2008), 4-7 March 2008, Barcelona, Spain
Acceptance rate: 21 percent2009-10-102009-10-102014-06-24