Towards a Security Competence of Software Developers

2020 ◽

pp. 73-87

Author(s):

Nana Assyne

Keyword(s):

Software Development ◽

Software Security ◽

Daily Basis ◽

Software Developers ◽

Body Of Knowledge ◽

Secure Software ◽

Full Knowledge ◽

Software Engineers ◽

Secure Software Development ◽

The Common

Software growth has been explosive as people depend heavily on software on daily basis. Software development is a human-intensive effort, and developers' competence in software security is essential for secure software development. In addition, ubiquitous computing provides an added complexity to software security. Studies have treated security competences of software developers as a subsidiary of security engineers' competence instead of software engineers' competence, limiting the full knowledge of the security competences of software developers. This presents a crucial challenge for developers, educators, and users to maintain developers' competences in security. As a first step in pushing for the developers' security competence studies, this chapter utilises a literature review to identify the security competences of software developers. Thirteen security competences of software developers were identified and mapped to the common body of knowledge for information security professional framework. Lastly, the implications for, with, and without the competences are analysed and presented.

Download Full-text

Meta-Modeling Based Secure Software Development Processes

International Journal of Secure Software Engineering ◽

10.4018/ijsse.2014070104 ◽

2014 ◽

Vol 5 (3) ◽

pp. 56-74 ◽

Cited By ~ 3

Author(s):

Mehrez Essafi ◽

Henda Ben Ghezala

Keyword(s):

Software Development ◽

Ad Hoc ◽

Software Security ◽

Software Developers ◽

Secure Software ◽

Modeling Techniques ◽

Meta Modeling ◽

Development Processes ◽

Secure Software Development

This work suggests a multilevel support to software developers, who often lack knowledge and skills on how to proceed to develop secure software. In fact, developing software with such quality is a hard and complex task that involves many additional security-dedicated activities which are usually omitted in traditional software development lifecycles or integrated but not efficiently and appropriately deployed in some others. To federate all these software security-assurance activities in a structured way and provide the required guidelines for choosing and using them in a flexible development process, authors used meta-modeling techniques and dynamic process execution that consider developer's affinities and product's states. The proposed approach formalizes existing secure software development processes, allows integration of new ones, prevents ad-hoc executions and is supported by a tool to facilitate its deployment. A case study is given here to exemplify the proposed approach application and to illustrate some of its advantages.

Download Full-text

A Survey on Secure Software Development Lifecycles

Software Design and Development ◽

10.4018/978-1-4666-4301-7.ch002 ◽

2014 ◽

pp. 17-33

Author(s):

José Fonseca ◽

Marco Vieira

Keyword(s):

Software Development ◽

Software Security ◽

Software Products ◽

Development Lifecycle ◽

Software Product ◽

Secure Software ◽

Secure Software Development ◽

Software Development Practices ◽

Complete Solutions ◽

The Web

This chapter presents a survey on the most relevant software development practices that are used nowadays to build software products for the web, with security built in. It starts by presenting three of the most relevant Secure Software Development Lifecycles, which are complete solutions that can be adopted by development companies: the CLASP, the Microsoft Secure Development Lifecycle, and the Software Security Touchpoints. However it is not always feasible to change ongoing projects or replace the methodology in place. So, this chapter also discusses other relevant initiatives that can be integrated into existing development practices, which can be used to build and maintain safer software products: the OpenSAMM, the BSIMM, the SAFECode, and the Securosis. The main features of these security development proposals are also compared according to their highlights and the goals of the target software product.

Download Full-text

Case Base for Secure Software Development Using Software Security Knowledge Base

2015 IEEE 39th Annual Computer Software and Applications Conference ◽

10.1109/compsac.2015.86 ◽

2015 ◽

Cited By ~ 3

Author(s):

Atsuo Hazeyama ◽

Masahito Saito ◽

Nobukazu Yoshioka ◽

Azusa Kumagai ◽

Takanori Kobashi ◽

...

Keyword(s):

Software Development ◽

Knowledge Base ◽

Software Security ◽

Secure Software ◽

Secure Software Development ◽

Case Base

Download Full-text

A Survey on Secure Software Development Lifecycles

Software Development Techniques for Constructive Information Systems Design ◽

10.4018/978-1-4666-3679-8.ch003 ◽

2013 ◽

pp. 57-73 ◽

Cited By ~ 2

Author(s):

José Fonseca ◽

Marco Vieira

Keyword(s):

Software Development ◽

Software Security ◽

Software Products ◽

Development Lifecycle ◽

Software Product ◽

Secure Software ◽

Secure Software Development ◽

Software Development Practices ◽

Complete Solutions ◽

The Web

This chapter presents a survey on the most relevant software development practices that are used nowadays to build software products for the web, with security built in. It starts by presenting three of the most relevant Secure Software Development Lifecycles, which are complete solutions that can be adopted by development companies: the CLASP, the Microsoft Secure Development Lifecycle, and the Software Security Touchpoints. However it is not always feasible to change ongoing projects or replace the methodology in place. So, this chapter also discusses other relevant initiatives that can be integrated into existing development practices, which can be used to build and maintain safer software products: the OpenSAMM, the BSIMM, the SAFECode, and the Securosis. The main features of these security development proposals are also compared according to their highlights and the goals of the target software product.

Download Full-text

A Case-based Management System for Secure Software Development Using Software Security Knowledge

Procedia Computer Science ◽

10.1016/j.procs.2015.08.155 ◽

2015 ◽

Vol 60 ◽

pp. 1092-1100 ◽

Cited By ~ 4

Author(s):

Masahito Saito ◽

Atsuo Hazeyama ◽

Nobukazu Yoshioka ◽

Takanori Kobashi ◽

Hironori Washizaki ◽

...

Keyword(s):

Software Development ◽

Management System ◽

Software Security ◽

Secure Software ◽

Secure Software Development ◽

Case Based

Download Full-text

Checklist Usage in Secure Software Development

10.5121/csit.2021.112322 ◽

2021 ◽

Author(s):

Zhongwei Teng ◽

Jacob Tate ◽

William Nock ◽

Carlos Olea ◽

Jules White

Keyword(s):

Software Development ◽

Large Volume ◽

Cyber Security ◽

Process Research ◽

Software Developers ◽

Security Vulnerabilities ◽

Secure Coding ◽

Secure Software ◽

Secure Software Development ◽

Human Factors Research

Checklists have been used to increase safety in aviation and help prevent mistakes in surgeries. However, despite the success of checklists in many domains, checklists have not been universally successful in improving safety. A large volume of checklists is being published online for helping software developers produce more secure code and avoid mistakes that lead to cyber-security vulnerabilities. It is not clear if these secure development checklists are an effective method of teaching developers to avoid cyber-security mistakes and reducing coding errors that introduce vulnerabilities. This paper presents in-process research looking at the secure coding checklists available online, how they map to well-known checklist formats investigated in prior human factors research, and unique pitfalls that some secure development checklists exhibit related to decidability, abstraction, and reuse.

Download Full-text

A Systematic Review and Catalog of Security Metric during the Secure Software Development Life Cycle

Recent Advances in Electrical & Electronic Engineering (Formerly Recent Patents on Electrical & Electronic Engineering) ◽

10.2174/2352096513999201201121823 ◽

2020 ◽

Vol 13 ◽

Author(s):

Sampada G.C ◽

Tende Ivo Sake ◽

Amrita

Keyword(s):

Systematic Review ◽

Life Cycle ◽

Software Development ◽

Software Security ◽

Security Assessment ◽

Security Metrics ◽

Development Life Cycle ◽

Development Processes ◽

Secure Software Development ◽

Software Development Life Cycle

Background: With the advancement in the field of software development, software poses threats and risks to customers’ data and privacy. Most of these threats are persistent because security is mostly considered as a feature or a non-functional requirement, not taken into account during the software development life cycle (SDLC). Introduction: In order to evaluate the security performance of a software system, it is necessary to integrate the security metrics during the SDLC. The appropriate security metrics adopted for each phase of SDLC aids in defining the security goals and objectives of the software as well as quantify the security in the software. Methods: This paper presents systematic review and catalog of security metrics that can be adopted during the distinguishable phases of SDLC, security metrics for vulnerability and risk assessment reported in the literature for secure development of software. The practices of these metrics enable software security experts to improve the security characteristics of the software being developed. The critical analysis of security metrics of each phase and their comparison are also discussed. Results: Security metrics obtained during the development processes help to improve the confidentiality, integrity, and availability of software. Hence, it is imperative to consider security during the development of the software, which can be done with the use of software security metrics. Conclusion: This paper reviews the various security metrics that are meditated in the copious phases during the progression of the SDLC in order to provide researchers and practitioners with substantial knowledge for adaptation and further security assessment.

Download Full-text