Managing the Secure Software Development

Authors: Radek Fujdiak, Petr Mlynek, Pavel Mrnustik, Maros Barabas, Petr Blazek

DOI: 10.1109/NTMS.2019.8763845

Abstract: Nowadays, software development is a more complex process than ever was and it faces the challenges, where security became one of most crucial. The issues an essential part engineers understanding vulnerabilities, risks others everyday bread. needs in resulted creation so-called Secure Software Development Life Cycle (SSDLC). This methodological concept included classical Life-Cycle, which described by five main phases - analysis, design, implementation (building), testing, evaluation (deployment maintenance). SSDLC adds another dimension ensuring security. We introduce our same named tool "Secure Life-cycle", follows general idea goes beyond it. Our helps to create security, hardening, validation reporting guidelines for selected use-cases. environment defining current future requirements based on collection standards, recommendations, best practice, many others. Connecting with other tools improves level automation Product (PLC). gives connection context among safety performance parameters. Compared static definition, provides simple extension straight integration PLC non- or nearly-non personal (human) interaction.
