Title :
Prioritisation and Selection of Software Security Activities
Author :
Byers, David ; Shahmehri, Nahid
Author_Institution :
Dept. of Comput. & Inf. Sci., Linkopings Univ., Linkoping
Abstract :
Software security is accomplished by introducing security-related activities into the software development process or by altering existing activities so that security is taken into account. Since the importance of software security has only relatively recently received the recognition it deserves, security is not ingrained into the development processes in common use today. A variety of approaches to software security have been proposed, but they rarely support developers in determining which security activities are appropriate for them and which they should choose to implement. An exception to this rule is the sustainable software security process (S3P). This paper describes the final step of the S3P, which helps developers estimate the cost of security-related activities and select the combination of security activities that best suits their needs. This is accomplished by applying the analytic hierarchy process and an automated search heuristic, scatter search, to the models created as part of the S3P.
Keywords :
safety-critical software; security of data; software process improvement; analytic hierarchy process; software development process; software process improvement; software security selection; sustainable software security process; Availability; Buffer overflow; Computer security; Costs; Failure analysis; Information science; Information security; Programming; Scattering; Software engineering; Software security; analytic hierarchy process; software engineering; software process improvement;
Conference_Titel :
Availability, Reliability and Security, 2009. ARES '09. International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-3572-2
Electronic_ISBN :
978-0-7695-3564-7
DOI :
10.1109/ARES.2009.52
