Software architecture plays a central role in developing software systems that satisfy functionality and security requirements. However, little has been done to integrate system design with security enforcement, which would otherwise benefits both development process and system’s quality of service (QoS). This paper proposes a formal method to integrate security administration into software arc...

This paper explores how to characterise security properties of software components, and how to reason about their suitability for a trustworthy compositional contract. Our framework provides an explicit opportunity for software composers as well as software components to test a priori security properties of software components in a system composition. The proposed framework uses logic programmi...

This study seeks to empirically investigate specific security characteristics of both open source software and proprietary software. Operating system software vulnerability data spanning several years are collected and analyzed to determine if significant differences exist in terms of inter-arrival times of published vulnerabilities and patch releases. Open source software is only marginally qu...

In this article, the authors contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken care of in an agile context. The interviews indicate that small and medium-sized agile software development organizations do not use any particular methodology to achie...

Software security, which has attracted the interest of the industrial and research community during the last years, aims at preventing security problems by building software without the so-called security holes. One way to achieve this goal is to apply specific patterns in software architecture. In the same way that the well-known design patterns for building well-structured software have been ...

Advances in the interconnected capabilities of cyber physical systems (CPS) affect virtually every engineered system. Today, software approaches dominate all aspects of connecting the physical and cyber worlds in part due to the convergence of computing, control and communications software technologies. Unfortunately, software technologies are more vulnerable to cybersecurity problems than trad...

Security is the main concern now days for any software system. In the past security was often treated as an add-on on other requirements, which make the system expensive on both the developer and user sides. Computer system security attacks are one of the most urgent problems facing IT professionals today. Security engineering should be integrated with the Software development life cycle to han...

Software houses are now keen to provide secure software as requested by customers’ desire with respect to security and quality of their products especially related to the software costing estimation in the software development and implementation environment. Therefore, there is a need to identify the potential security risks while estimating the application cost. In this paper, we provide a lis...

Security testing is a software testing discipline that aims to verify that the functionality of the software is resistant to attacks and data processed by the software is protected. To establish common requirements that the software must ful ll, software security standards are published. This thesis aims to describe and apply a process necessary to verify the security of a web application. A ch...

Software selection is an important consideration in risk management for information security. Additionally, the underlying robustness and security of a technology under consideration has become increasingly important in total cost of ownership and other calculations of business value. Open source software is often touted as being robust to many of the problems that seem to plague proprietary so...