Towards Evaluation of Security Assurance during the Software Development Lifecycle
It is difficult to state whether a certain software product is developed securely enough. An evaluation methodology that takes the security assurance methods used during the software development lifecycle into account is one step closer to a solution to this problem. In this paper we discuss our fir...
Main authors: | , , , |
---|---|
Format: | Conference proceeding |
Language: | eng |
Subjects: | |
Online access: | Order full text |
container_end_page | 822 |
---|---|
container_issue | |
container_start_page | 817 |
container_title | |
container_volume | |
creator | Uusitalo, I.; Karppinen, K.; Ahonen, P.; Pentikainen, H. |
description | It is difficult to state whether a certain software product is developed securely enough. An evaluation methodology that takes the security assurance methods used during the software development lifecycle into account is one step closer to a solution to this problem. In this paper we discuss our first heuristics for security assurance evaluation that would give guidelines on the trustworthiness of the software development lifecycle. The input for evaluations includes the context, expert opinions, outcome of the methods and reputation. Our evaluation heuristics are a step towards being able to deduce about the level of assurance for a software process, compared to a certain context-specific baseline. |
doi_str_mv | 10.1109/ARES.2009.124 |
format | Conference Proceeding |
fulltext | fulltext_linktorsrc |
identifier | ISBN: 1424435722 |
ispartof | 2009 International Conference on Availability, Reliability and Security, 2009, p.817-822 |
issn | |
language | eng |
recordid | cdi_ieee_primary_5066570 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Application software; Availability; evaluation; Guidelines; Large-scale systems; lifecycle; Programming; Reconfigurable logic; Security; Software engineering; Software security assurance; Software systems; Software tools; trust |
title | Towards Evaluation of Security Assurance during the Software Development Lifecycle |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-13T01%3A56%3A02IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Towards%20Evaluation%20of%20Security%20Assurance%20during%20the%20Software%20Development%20Lifecycle&rft.btitle=2009%20International%20Conference%20on%20Availability,%20Reliability%20and%20Security&rft.au=Uusitalo,%20I.&rft.date=2009-03&rft.spage=817&rft.epage=822&rft.pages=817-822&rft.isbn=1424435722&rft.isbn_list=9781424435722&rft_id=info:doi/10.1109/ARES.2009.124&rft_dat=%3Cieee_6IE%3E5066570%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=9780769535647&rft.eisbn_list=076953564X&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5066570&rfr_iscdi=true |