Checklist Usage in Secure Software Development

2021
Author(s): Zhongwei Teng, Jacob Tate, William Nock, Carlos Olea, Jules White

Checklists have been used to increase safety in aviation and help prevent mistakes in surgeries. However, despite the success of checklists in many domains, checklists have not been universally successful in improving safety. A large volume of checklists is being published online for helping software developers produce more secure code and avoid mistakes that lead to cyber-security vulnerabilities. It is not clear if these secure development checklists are an effective method of teaching developers to avoid cyber-security mistakes and reducing coding errors that introduce vulnerabilities. This paper presents in-process research looking at the secure coding checklists available online, how they map to well-known checklist formats investigated in prior human factors research, and unique pitfalls that some secure development checklists exhibit related to decidability, abstraction, and reuse.

2022, pp. 2050-2064
Author(s): Nana Assyne

Software growth has been explosive as people depend heavily on software on a daily basis. Software development is a human-intensive effort, and developers' competence in software security is essential for secure software development. In addition, ubiquitous computing provides an added complexity to software security. Studies have treated security competences of software developers as a subsidiary of security engineers' competence instead of software engineers' competence, limiting the full knowledge of the security competences of software developers. This presents a crucial challenge for developers, educators, and users to maintain developers' competences in security. As a first step in pushing for the developers' security competence studies, this chapter utilises a literature review to identify the security competences of software developers. Thirteen security competences of software developers were identified and mapped to the common body of knowledge for information security professional framework. Lastly, the implications for, with, and without the competences are analysed and presented.


2014, Vol 5 (3), pp. 56-74
Author(s): Mehrez Essafi, Henda Ben Ghezala

This work suggests multilevel support for software developers, who often lack knowledge and skills on how to proceed to develop secure software. In fact, developing software with such quality is a hard and complex task that involves many additional security-dedicated activities, which are usually omitted in traditional software development lifecycles or integrated but not efficiently and appropriately deployed in some others. To federate all these software security-assurance activities in a structured way and provide the required guidelines for choosing and using them in a flexible development process, the authors used meta-modeling techniques and dynamic process execution that consider developer's affinities and product's states. The proposed approach formalizes existing secure software development processes, allows integration of new ones, prevents ad-hoc executions and is supported by a tool to facilitate its deployment. A case study is given here to exemplify the application of the proposed approach and to illustrate some of its advantages.


Author(s): Roumen Trifonov, Ognian Nakov, Galya Pavlova, Slavcho Manolov, Georgy Tsochev, ...

IEEE Access, 2021, Vol 9, pp. 36852-36867
Author(s): Hernan Nina, Jose Antonio Pow-Sang, Monica Villavicencio

2018, Vol 85, pp. 33-46
Author(s): Shams Al-Amin, Nirav Ajmeri, Hongying Du, Emily Z. Berglund, Munindar P. Singh
