Software Engineering: The First Line of Defense for Cybersecurity

Cybersecurity has become an area of critical concern due to an ever-growing number of security breaches. Some of these breaches compromise personal information, exposing individuals and firms to potential identity theft, fraud and other maladies. Other attacks seek to gain control of systems for use in attacking as part of bot nets and other indirect attack techniques. Yet other attacks target cyber-physical systems whose compromise could potentially lead to the injury or death of individuals relying on or nearby the equipment. This paper considers the role of software engineering in preventing cyberattacks and discusses the types of software engineering failures that translate into vulnerabilities that can be attacked. Prospective solutions and areas of needed future research are discussed.

[1]  CACM Staff,et al.  Cybersecurity , 2017, Studies in Big Data.

[2]  Adam T. Sampson,et al.  Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities , 2017, ESSoS.

[3]  Muhammad Salman Khan,et al.  A Cognitive and Concurrent Cyber Kill Chain Model , 2018, Computer and Network Security Essentials.

[4]  Kendall E. Nygard,et al.  Cybersecurity Practices from a Software Engineering Perspective , 2017 .

[5]  Yacov Y. Haimes,et al.  Cybersecurity: From Ad Hoc Patching to Lifecycle of Software Engineering , 2006 .

[6]  Samuel A. Merrell,et al.  Goal-based assessment for the cybersecurity of critical infrastructure , 2010, 2010 IEEE International Conference on Technologies for Homeland Security (HST).

[7]  Tomás San Feliu Gilabert,et al.  Comparative Study of Cybersecurity Capability Maturity Models , 2017, SPICE.

[8]  J. Rudolph,et al.  Lessons learned from non-medical industries: root cause analysis as culture change at a chemical plant , 2002, Quality & safety in health care.

[9]  Steven Muegge,et al.  Secure by Design: Cybersecurity Extensions to Project Management Maturity Models for Critical Infrastructure Projects , 2015 .

[10]  Carol Woody,et al.  Predicting cybersecurity using quality data , 2015, 2015 IEEE International Symposium on Technologies for Homeland Security (HST).

[11]  Jeffrey M. Voas,et al.  Metamorphic Testing for Cybersecurity , 2016, Computer.

[12]  Adel Alshamrani,et al.  A Comparison Between Three SDLC Models Waterfall Model, Spiral Model, and Incremental/Iterative Model , 2015 .

[13]  Jerome H. Saltzer,et al.  The protection of information in computer systems , 1975, Proc. IEEE.

[14]  Ali Mili,et al.  A cybersecurity model in cloud computing environments , 2013, J. King Saud Univ. Comput. Inf. Sci..

[15]  Peter J. Clarke,et al.  Introducing a Cybersecurity Mindset into Software Engineering Undergraduate Courses , 2018 .

[16]  Claes Wohlin,et al.  The Waterfall Model in Large-Scale Development , 2009, PROFES.

[17]  C. W. Johnson CyberSafety : On the Interactions between CyberSecurity and the Software Engineering of Safety-Critical Systems , 2011 .

[18]  James J. Rooney,et al.  Root cause analysis for beginners , 2004 .

[19]  Jeffrey Braithwaite,et al.  Turning the medical gaze in upon itself: root cause analysis and the investigation of clinical error. , 2006, Social science & medicine.