Software security has a huge impact on almost all areas ranging from banking systems to critical systems. The rapid expansion of internet and distributed systems has forced developers, designers, engineers and manager to consider software security as an essential activity for their systems. Software security does not depend on the external measures such as firewalls but also on the internal sec...

Security plays a predominant role in software engineering. Enforcing security policies should be considered during the early stages of the software development lifecycle to prevent security breaches in the final products. Because of the pervasive nature of security, integrating security solutions at the software design level may result in the scattering and tangling of security concerns through...

Security plays a predominant role in software engineering. Enforcing security policies should be considered during the early stages of the software development lifecycle to prevent security breaches in the final products. Because of the pervasive nature of security, integrating security solutions at the software design level may result in the scattering and tangling of security concerns through...

Software Security has received a lot of attention during the last years. It aims at preventing security problems by building software without the socalled security holes. One of the ways to do this is to apply specific patterns in software architecture. In the same way that the well-known design patterns for building well-structured software have been used, a new kind of patterns, called securi...

To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...

Software security is a combination of security methods, techniques and tools, aiming to promote data confidentiality, integrity, usability, availability and privacy. In order to achieve concrete and measurable levels of software security, several international, national and industry-level regulations have been established. Finnish governmental security standard collection, VAHTI, is one of the ...

The security of software applications is an important domain, and one that mixes formalisms (e.g. when dealing with cryptography and security protocols) with very ad hoc, low level practical solutions. In this paper, we look at a subset of the “security” field: the production of secure, general purpose software from a software engineering viewpoint. We call this simply “software security”. We s...

The need to secure software application in today’s hostile computer environment cannot be overlooked. The increase in attacks aimed at software directly in the last decade and the demand for more secure software applications has drawn the attention of the software industry into looking for better ways in which software can be developed more securely. To achieve this, it has been suggested that ...

Humans make mistakes, and software programmers are no exception. Software vulnerabilities are discovered everyday; close to 8,000 vulnerabilities were reported in 2014, and almost 2,500 were reported in the first four months of 2015 [9]. Microsoft Security Response Centre defines software vulnerabilities as a security exposure that results from a product weakness that the product developer did ...

Such statements evidence that security should indeed be a first-class consideration of the software ecosystem. In this position paper, we share some thoughts related to research software security. Our thoughts are based on the observation that security is not a binary, all-or-nothing attribute, but a range of practices and requirements depending on how the software is expected to be deployed an...