Prioritisation and Selection of Software Security Activities
2009 (English)In: International Conference on Availability, Reliability and Security, 2009, IEEE , 2009, 201-207 p.Conference paper (Refereed)
Software security is accomplished by introducing security-related activities into the software development process or by altering existing activities so that security is taken into account. Since the importance of software security has only relatively recently received the recognition it deserves, security is not ingrained into the development processes in common use today. A variety of approaches to software security have been proposed, but they rarely support developers in determining which security activities are appropriate for them and which they should choose to implement. An exception to this rule is the Sustainable Software Security Process (S3P). This paper describes the final step of the S3P, which helps developers estimate the cost of security-related activities and select the combination of security activities that best suits their needs. This is accomplished by applying the Analytic Hierarchy Process and an automated search heuristic, scatter search, to the models created as part of the S3P.
Place, publisher, year, edition, pages
IEEE , 2009. 201-207 p.
Software security, analytic hierarchy process, software engineering, software process improvement
IdentifiersURN: urn:nbn:se:liu:diva-43647DOI: 10.1109/ARES.2009.52ISI: 000270612000027Local ID: 74474ISBN: 978-1-4244-3572-2ISBN: e-978-0-7695-3564-7OAI: oai:DiVA.org:liu-43647DiVA: diva2:264507
4th International Conference on Availability, Reliability and Security (ARES 2009), 16-19 March 2009, Fukuoka, Japan
Acceptance rate: 25 percent2009-10-102009-10-102014-06-24