Towards Evaluation of Security Assurance during the Software Development Lifecycle

Towards Evaluation of Security Assurance during the Software Development Lifecycle

It is difficult to state whether a certain software product is developed securely enough. An evaluation methodology that takes the security assurance methods used during the software development lifecycle into account is one step closer to a solution to this problem. In this paper we discuss our fir...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Uusitalo, I., Karppinen, K., Ahonen, P., Pentikainen, H.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Application software
Availability
evaluation
Guidelines
Large-scale systems
lifecycle
Programming
Reconfigurable logic
Security
Software engineering
Software security assurance
Software systems
Software tools
trust
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:It is difficult to state whether a certain software product is developed securely enough. An evaluation methodology that takes the security assurance methods used during the software development lifecycle into account is one step closer to a solution to this problem. In this paper we discuss our first heuristics for security assurance evaluation that would give guidelines on the trustworthiness of the software development lifecycle. The input for evaluations include the context, expert opinions, outcome of the methods and reputation. Our evaluation heuristics are a step towards being able to deduce about the level of assurance for a software process, compared to a certain context-specific baseline.
DOI:10.1109/ARES.2009.124