Khalid Sultan, Abdeslam En-Nouaary, A. Hamou-Lhadj
{"title":"在整个软件开发生命周期中评估软件安全风险的度量标准目录","authors":"Khalid Sultan, Abdeslam En-Nouaary, A. Hamou-Lhadj","doi":"10.1109/ISA.2008.104","DOIUrl":null,"url":null,"abstract":"In this paper, we present a new set of metrics for building secure software systems. The proposed metrics aim to address security risks throughout the entire software development life cycle (SDLC). The importance of this work comes from the fact that assessing security risks at early stages of the development life cycle can help implement efficient solutions before the software is delivered to the customer. The proposed metrics are defined using the goal/question/metric method. It is anticipated that software engineers will use these metrics in combination with other techniques to detect security risks and prevent these risks from becoming reality. This work is part of a larger research project that aims at examining the concept of \"Design for Security\". The objective is to investigate software engineering techniques to support security requirements from the very beginning of the development process.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":"{\"title\":\"Catalog of Metrics for Assessing Security Risks of Software throughout the Software Development Life Cycle\",\"authors\":\"Khalid Sultan, Abdeslam En-Nouaary, A. Hamou-Lhadj\",\"doi\":\"10.1109/ISA.2008.104\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we present a new set of metrics for building secure software systems. The proposed metrics aim to address security risks throughout the entire software development life cycle (SDLC). The importance of this work comes from the fact that assessing security risks at early stages of the development life cycle can help implement efficient solutions before the software is delivered to the customer. The proposed metrics are defined using the goal/question/metric method. It is anticipated that software engineers will use these metrics in combination with other techniques to detect security risks and prevent these risks from becoming reality. This work is part of a larger research project that aims at examining the concept of \\\"Design for Security\\\". The objective is to investigate software engineering techniques to support security requirements from the very beginning of the development process.\",\"PeriodicalId\":212375,\"journal\":{\"name\":\"2008 International Conference on Information Security and Assurance (isa 2008)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-04-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"26\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 International Conference on Information Security and Assurance (isa 2008)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISA.2008.104\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Information Security and Assurance (isa 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISA.2008.104","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Catalog of Metrics for Assessing Security Risks of Software throughout the Software Development Life Cycle
In this paper, we present a new set of metrics for building secure software systems. The proposed metrics aim to address security risks throughout the entire software development life cycle (SDLC). The importance of this work comes from the fact that assessing security risks at early stages of the development life cycle can help implement efficient solutions before the software is delivered to the customer. The proposed metrics are defined using the goal/question/metric method. It is anticipated that software engineers will use these metrics in combination with other techniques to detect security risks and prevent these risks from becoming reality. This work is part of a larger research project that aims at examining the concept of "Design for Security". The objective is to investigate software engineering techniques to support security requirements from the very beginning of the development process.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
