Title :
Testing for security during development: why we should scrap penetrate-and-patch
Author_Institution :
Reliable Software Technol., Sterling, VA, USA
fDate :
4/1/1998 12:00:00 AM
Abstract :
In the commercial sector, security analysis has traditionally been applied at the network system level, after release, using tiger team approaches, After a successful tiger team penetration, specific system vulnerabilities are patched. I make a case for applying software engineering analysis techniques that have proven successful in the software safety arena to security-critical software code. This work is based on the generally held belief that a large proportion of security violations result from errors introduced during software development
Keywords :
safety-critical software; security of data; software development management; adaptive vulnerability analysis algorithm; design for security; dynamic execution; fault injection technique; penetrate-and-patch; security during development; security-critical software code; software engineering analysis techniques; software safety; software vulnerability; testing; tiger team penetration; white-box analysis; Application software; Computer errors; Computer security; Information security; Instruments; National security; Programming; Software engineering; Software safety; Software testing;
Journal_Title :
Aerospace and Electronic Systems Magazine, IEEE
