Nowadays, the use of agile software development methods like Scrum is common in industry and academia. Considering the current attacking landscape, it is clear that developing secure software should be a main concern in all software development projects. In traditional software projects, security issues require detailed planning in an initial planning phase, typically resulting in a detailed se...

Worse, more complex problems such as race conditions and subtle design errors wait in the wings for the buffer overflow’s demise. Software security problems will be with us for years, and hackers will continue to exploit systems via software defects. Clearly, a central and critical aspect of the computer security problem resides in software. Software security—the idea of engineering software th...

We describe an approach and tool for analyzing the vulnerability of software applications to anomalous events and malicious threats during software development. Traditionally, security analysis has been applied at the network system level, after release, using tiger team approaches. After a successful tiger team penetration, speciic system vulnerabilities are patched. We make a case for applyin...

Security is a challenging task in software engineering. Enforcing security policies should be taken care of during the early phases of the software development life cycle to more efficiently integrate security into software. Since security is a crosscutting concern that pervades the entire software, integrating security solutions at the software design level may result in the scattering and tan...

Security level, security performance, and security indicators have become standard terms to define security metrics. The data derived from these metrics helps in measurement of software security. The metrics help achieve security objectives – confidentiality, integrity and availability. The security can be assessed for further improvement during development process of the software or the produc...

Software vulnerabilities and their associated exploits have been increasing over the last several years this research attempts to reverse that trend. Currently, security experts recommend that concerns for security start at the earliest stage possible, generally during the requirements engineering phase. Having a set of security requirements enables the production of a secure design, and produc...

Security vulnerabilities are a serious threat to software vendors and their customers: they can result in both monetary loss as well as loss of reputation. Thus, implementing a rigid secure software development lifecycle is a competitive advantage for a software vendor. A holistic security testing approach must cover the whole software development lifecycle across all software products and all ...

The abundance of flawed software has been identified as the main cause of the poor security of computer networks since major viruses and worms have been exploiting the vulnerabilities of such software. As an incentive mechanism for software security quality improvement, software liability has been intensely discussed among computer scientists, jurists, and policy makers for a long time. In this...

Software security is becoming more and more important with the increasing number of applications and platforms connected to the Internet, for example, enterprise applications, smartphones or the iPad. The growing importance makes it a progressively interesting field for developers, software designers, end users, and enterprises. Fixing security bugs belongs to the traditional field of software ...