Secure software development processes can reduce the quantity of security errors and the vulnerabilities involved in software projects. A secure development process is composed by activities that propose the insertion of security requirements in all software development phases. These activities can be based on standards and/or security models such as SSE-CMM, ISO/IEC 27001, ISO/IEC 15408. The p...

Supervisory Committee Dr. Issa Traore Supervisor Dr. Kin Fun Li Departmental Member Dr. Stephen W. Neville Departmental Member Weber-Jahnke, J.H. Outside Member Dr. John Mullins Additional Member Due to the dramatic increase in intrusion activities, the definition and evaluation of software security requirements have become important aspects of the development of software services. It is now a ...

Conventional wisdom gives us the principle of Design for Security : to create secure software, design it to be secure from the ground up. To date, however, only a small fraction of software developed has followed this principle. Diverse security requirements and economic pressures often force software developers to abandon security and focus instead on functionality and performance. As a result...

This paper presents a model of multi-product pricing for consumer security software. It highlights two aspects unique to this kind of software. The …rst is a supply-side e¤ect relating to the security software update process that alters its cost structure, and the second is a demand-side e¤ect relating to the fact that customers often get free substitutes for components of security software sui...

This paper discusses the Trustworthy Computing Security Development Lifecycle (or simply the SDL), a process that Microsoft has adopted for the development of software that needs to withstand malicious attack. The process encompasses the addition of a series of securityfocused activities and deliverables to each of the phases of Microsoft's software development process. These activities and del...

The relationships between the work products of a security engineering process can be hard to understand, even for persons with a strong technical background but little knowledge of security engineering. Market forces are driving software practitioners who are not security specialists to develop software that requires security features. When these practitioners develop software solutions without...

Software security breaches are now very extremely common and a larger percentage is caused by software design defects. Since individuals and organizations now completely depend on software systems for their day-to-day operations, it is then important to produce secure software products. This paper discusses the problems of producing secure software products and provides a model for improving so...

Software security becomes a critically important issue for software development when more and more malicious attacks explore the security holes in software systems. To avoid security problems, a large software system design may reuse good security solutions by applying security patterns. Security patterns document expert solutions to common security problems and capture best practices on secure...

Software in networks, which is a special kind of applications in service-oriented computing and ultra-large-scale systems, is a complex software system deploying on network environment. Requirements of networked software pose many security problems owing to the dynamic topology structure and users’ uncertainty. How to evaluate the degree of software security in networks is a challenging problem...

Security flaws in software applications today has been attributed mostly to design flaws. With limited budget and time to release software into the market, many developers often consider security as an afterthought. Previous research shows that integrating security into software applications at a later stage of software development lifecycle (SDLC) has been found to be more costly than when it ...