Collaborative Security Code-Review Towards Aiding Developers Ensure Software-Security

نویسندگان

  • Hala Assal
  • Jeff Wilson
  • Sonia Chiasson
  • Robert Biddle
چکیده

Humans make mistakes, and software programmers are no exception. Software vulnerabilities are discovered everyday; close to 8,000 vulnerabilities were reported in 2014, and almost 2,500 were reported in the first four months of 2015 [9]. Microsoft Security Response Centre defines software vulnerabilities as a security exposure that results from a product weakness that the product developer did not intend to introduce and should fix once it is discovered [8]. Integrating security in the Software Development Lifecycle (SDLC) leads to better quality software than when security was considered as an additional task [11]. Major software companies are taking the initiative to integrate security in the SDLC, starting from the early stages of the development. For example, Microsoft has been following a securityoriented software development process since 2004. The Microsoft Security Development Lifecycle (SDL) introduces security early in the development process and throughout the different stages of the traditional SDLC [7]. Google, on the other hand, has an independent Security Team responsible for aiding security reviews during the design and implementation phases, as well as providing ongoing consultation on project-relevant security risks and their possible remedies. Static analysis [12] is a method of software testing that can be performed throughout the different stages of the development to ensure software is free of vulnerabilities introduced to the code due to programming errors. Static analysis does not require the code to be executed, thus incomplete versions of the software can be tested. This allows testing software during early stages when errors are less expensive to fix [3, 1]. Static-code Analysis Tools (SATs) are tools that automatically analyze static-code to uncover vulnerabilities.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing

Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...

متن کامل

Towards Assisted Remediation of Security Vulnerabilities

Security vulnerabilities are still prevalent in systems despite the existence of their countermeasures for several decades. In order to detect the security vulnerabilities missed by developers, complex solutions are undertaken like static analysis, often after the development phase and with a loss of context. Although vulnerabilities are found, there is also an absence of systematic protection ...

متن کامل

Alessandra Bagnato ( Ed . ) Security in Model - Driven Architecture European Workshop on Security in Model Driven Architecture 2009 ( SEC - MDA 2009 ) , Enschede ( The Netherlands ) , June 24 , 2009

There is growing demand to evolve systems continuously to meet changing business needs, new regulations and policies, novel technologies and computing infrastructures. Unfortunately, the pace of required change affects developers’ ability to establish and maintain desirable levels of quality of systems. Therefore, the aim of the Secure Change project is to develop techniques and tools that ensu...

متن کامل

Towards Seamless Prevention & Recovery from Application-Level Vulnerabilities

A great deal of research in the last several years has focused on securing sever-side software systems, which are a common target to buffer overruns, format string violations, and other similar types of attacks. A variety of techniques to protect server-side software have been suggested, ranging from hardware-level mechanisms [12, 36] to static analysis [23, 34, 37]. However, most of the code b...

متن کامل

Towards Building Secure Software Systems

Software security breaches are now very extremely common and a larger percentage is caused by software design defects. Since individuals and organizations now completely depend on software systems for their day-to-day operations, it is then important to produce secure software products. This paper discusses the problems of producing secure software products and provides a model for improving so...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2015