论文信息 - Software Security: The Dangerous Afterthought

Software Security: The Dangerous Afterthought

As users of many different types of software, one of the last things we think about when deciding which is best for the task at hand is the security of the software. This of course depends on the type of software as well. If it is banking or tax software then, security is of concern. However, in most cases the thought rarely crosses the average users mind. That is until something happens to the system or information the system may hold. This way of thinking is very similar to the way some software is created. The software's features, usability, and interface are normally at the forefront. On the other hand the software's security is just an afterthought for many developers. While software is developed in a very intricate process, it does not currently stress security. In this paper, we will describe different approaches that have been recently researched to help create more secure software. Although these approaches will be introduced separately, using a combination of two or all three together would be the most secure combination.

[1] S. Rehman,et al. Research on software design level security vulnerabilities , 2009, SOEN.

[2] John Goodenough,et al. Arguing Security – Creating Security Assurance Cases , 2014 .

[3] Javier López,et al. Security assurance during the software development cycle , 2009, CompSysTech '09.

[4] Jim Alves-Foss,et al. Policy-Based Security for Wireless Components in High Assurance Computer Systems , 2007 .

[5] Nancy R. Mead,et al. Engineering Security Into the Software Development Life Cycle , 2005 .

[6] Joseph K. Kearney,et al. Software complexity measurement , 1986, CACM.

[7] Laurie A. Williams,et al. Is complexity really the enemy of software security? , 2008, QoP '08.

[8] Steven B. Lipner,et al. The trustworthy computing security development lifecycle , 2004, 20th Annual Computer Security Applications Conference.

[9] Lars Lundberg,et al. Evaluating the cost reduction of static code analysis for software security , 2008, PLAS '08.