{"title":"Security Evaluation by Arrogance: Saving Time and Money","authors":"Hussain M. J. Almohri, Sayed A. Almohri","doi":"10.1109/SoftStart.2017.1","DOIUrl":null,"url":null,"abstract":"Software startups can be subject to extreme money and time constraints while hoping to deliver reliable software. In a harsh startup environment, software may face quality downgrade either by improper process management or incapable human resources. Among the many, security is a fragile software quality characteristic responsible for severe negative consequences such as jeopardizing a startup's brand among early adopters. Addressing security evaluation, we report our experience in developing a startup's internal software engineering process that includes a continuous security evaluation cycle at the heart of the process and leverages arrogance in software engineering—the tendency to break other team members' code. The valuable outcome was that enforcing security evaluation, as a concrete process activity, came with no cost. That is, we reutilized our resources by changing the flow of the engineering process while capitalizing on arrogance as a motivating stimulus yielding a cost-effective vulnerability assessment for each software release. We describe our process, provide the case for the benefit of arrogant engineers, and conclude with a report of incidents in which arrogance came to our rescue.","PeriodicalId":396104,"journal":{"name":"2017 IEEE/ACM 1st International Workshop on Software Engineering for Startups (SoftStart)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE/ACM 1st International Workshop on Software Engineering for Startups (SoftStart)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SoftStart.2017.1","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security Evaluation by Arrogance: Saving Time and Money
Software startups can be subject to extreme money and time constraints while hoping to deliver reliable software. In a harsh startup environment, software may face quality downgrade either by improper process management or incapable human resources. Among the many, security is a fragile software quality characteristic responsible for severe negative consequences such as jeopardizing a startup's brand among early adopters. Addressing security evaluation, we report our experience in developing a startup's internal software engineering process that includes a continuous security evaluation cycle at the heart of the process and leverages arrogance in software engineering—the tendency to break other team members' code. The valuable outcome was that enforcing security evaluation, as a concrete process activity, came with no cost. That is, we reutilized our resources by changing the flow of the engineering process while capitalizing on arrogance as a motivating stimulus yielding a cost-effective vulnerability assessment for each software release. We describe our process, provide the case for the benefit of arrogant engineers, and conclude with a report of incidents in which arrogance came to our rescue.