software security
Recently Published Documents

Total documents: 691 (five years: 161)
H-index: 21 (five years: 3)

2022 ◽  
Vol 31 (1) ◽  
pp. 1-52
Author(s):  
Irum Rauf ◽  
Marian Petre ◽  
Thein Tun ◽  
Tamara Lopez ◽  
Paul Lunn ◽  
...  

Despite the availability of various methods and tools to facilitate secure coding, developers continue to write code that contains common vulnerabilities. It is important to understand why technological advances do not sufficiently facilitate developers in writing secure code. To widen our understanding of developers' behaviour, we considered the complexity of the security decision space of developers using theory from cognitive and social psychology. Our interdisciplinary study reported in this article (1) draws on the psychology literature to provide conceptual underpinnings for three categories of impediments to achieving security goals, (2) reports on an in-depth meta-analysis of existing software security literature that identified a catalogue of factors that influence developers' security decisions, and (3) characterises the landscape of existing security interventions that are available to the developer during coding and identifies gaps. Collectively, these show that different forms of impediments to achieving security goals arise from different contributing factors. Interventions will be more effective where they reflect psychological factors more sensitively and marry technical sophistication, psychological frameworks, and usability. Our analysis suggests “adaptive security interventions” as a solution that responds to the changing security needs of individual developers and present a proof-of-concept tool to substantiate our suggestion.


2022 ◽  
pp. 47-69
Author(s):  
Monica Iovan ◽  
Daniela S. Cruzes ◽  
Espen A. Johansen

2022 ◽  
pp. 627-648
Author(s):  
Daniela Soares Cruzes ◽  
Espen Agnalt Johansen

Improving software security in software development teams is an enduring challenge for software companies. In this chapter, the authors present one strategy for addressing this pursuit of improvement. The approach is ambidextrous in the sense that it focuses on approaching software security activities both from a top-down and a bottom-up perspective, combining elements usually found separately in software security initiatives. The approach combines (1) top-down formal regulatory mechanisms deterring breaches of protocol and enacting penalties where they occur and (2) bottom-up capacity building and persuasive encouragement of adherence to guidance by professional self-determination, implementation, and improvement support (e.g., training, stimulating, interventions). The ambidextrous governance framework illustrates distinct, yet complementary, global and local roles: (1) ensuring the adoption and implementation of software security practices, (2) enabling and (3) empowering software development teams to adapt and add to overall mandates, and (4) embedding cultures of improvement.


2022 ◽  
Vol 31 (2) ◽  
pp. 707-716
Author(s):  
Hashem Alyami ◽  
Mohd Nadeem ◽  
Wael Alosaimi ◽  
Abdullah Alharbi ◽  
Rajeev Kumar ◽  
...  

2022 ◽  
pp. 2050-2064
Author(s):  
Nana Assyne

Software growth has been explosive as people depend heavily on software on a daily basis. Software development is a human-intensive effort, and developers' competence in software security is essential for secure software development. In addition, ubiquitous computing provides an added complexity to software security. Studies have treated security competences of software developers as a subsidiary of security engineers' competence instead of software engineers' competence, limiting the full knowledge of the security competences of software developers. This presents a crucial challenge for developers, educators, and users to maintain developers' competences in security. As a first step in pushing for the developers' security competence studies, this chapter utilises a literature review to identify the security competences of software developers. Thirteen security competences of software developers were identified and mapped to the common body of knowledge for information security professional framework. Lastly, the implications for, with, and without the competences are analysed and presented.


2022 ◽  
pp. 2026-2048
Author(s):  
Tosin Daniel Oyetoyan ◽  
Martin Gilje Jaatun ◽  
Daniela Soares Cruzes

Software security does not emerge fully formed by divine intervention in deserving software development organizations; it requires that developers have the required theoretical background and practical skills to enable them to write secure software, and that the software security activities are actually performed, not just documented procedures that sit gathering dust on a shelf. In this chapter, the authors present a survey instrument that can be used to investigate software security usage, competence, and training needs in agile organizations. They present results of using this instrument in two organizations. They find that regardless of cost or benefit, skill drives the kind of activities that are performed, and secure design may be the most important training need.


2021 ◽  
Vol 2021 ◽  
pp. 1-19
Author(s):  
Raghavendra Rao Althar ◽  
Debabrata Samanta ◽  
Manjit Kaur ◽  
Abeer Ali Alnuaim ◽  
Nouf Aljaffan ◽  
...  

Security of the software system is a prime focus area for software development teams. This paper explores some data science methods to build a knowledge management system that can assist the software development team to ensure a secure software system is being developed. Various approaches in this context are explored using data of insurance domain-based software development. These approaches will facilitate an easy understanding of the practical challenges associated with actual-world implementation. This paper also discusses the capabilities of language modeling and its role in the knowledge system. The source code is modeled to build a deep software security analysis model. The proposed model can help software engineers build secure software by assessing the software security during software development time. Extensive experiments show that the proposed models can efficiently explore the software language modeling capabilities to classify software systems’ security vulnerabilities.


2021 ◽  
Vol 11 (24) ◽  
pp. 11784
Author(s):  
Hashem Alyami ◽  
Mohd Nadeem ◽  
Abdullah Alharbi ◽  
Wael Alosaimi ◽  
Md Tarique Jamal Ansari ◽  
...  

The primary goal of this research study, in the field of information technology (IT), is to improve the security and durability of software. A quantum computing-based security algorithm springs quite a lot of symmetrical approaches and procedures to ensure optimum software retreat. The accurate assessment of software’s durability and security is a dynamic aspect in assessing, administrating, and controlling security for strengthening the features of security. This paper essentially emphasises the demarcation and depiction of quantum computing from a software security perspective. At present, different symmetrical-based cryptography approaches or algorithms are being used to protect different government and non-government sectors, such as banks, healthcare sectors, defense, transport, automobiles, navigators, weather forecasting, etc., to ensure software durability and security. However, many crypto schemes are likely to collapse when a large qubit-based quantum computer is developed. In such a scenario, it is necessary to pay attention to the security alternatives based on quantum computing. Presently, the different factors of software durability are usability, dependability, trustworthiness, and human trust. In this study, we have also classified the durability level in the second stage. The intention of the evaluation of the impact on security over quantum duration is to estimate and assess the security durability of software. In this research investigation, we have followed the symmetrical hybrid technique of fuzzy analytic hierarchy process (FAHP) and fuzzy technique for order of preference by similarity to ideal solution (FTOPSIS). The obtained results, and the method used in this estimation, would make a significant contribution to future research for organising software security and durability (SSD) in the presence of a quantum computer.


2021 ◽  
Vol 111 ◽  
pp. 102470
Author(s):  
Anh Nguyen-Duc ◽  
Manh Viet Do ◽  
Quan Luong Hong ◽  
Kiem Nguyen Khac ◽  
Anh Nguyen Quang
