Title :
How can the developer benefit from security modeling?
Author :
Ardi, Shanai ; Byers, David ; Meland, Per Håkon ; Tøndel, Inger Anne ; Shahmehri, Nahid
Author_Institution :
Dept. of Comput. & Inf. Sci., Linkopings Universitet, Linkoping
Abstract :
Security has become a necessary part of nearly every software development project, as the overall risk from malicious users is constantly increasing, due to increased consequences of failure, security threats and exposure to threats. There are few projects today where software security can be ignored. Despite this, security is still rarely taken into account throughout the entire software lifecycle; security is often an afterthought, bolted on late in development, with little thought to what threats and exposures exist. Little thought is given to maintaining security in the face of evolving threats and exposures. Software developers are usually not security experts. However, there are methods and tools available today that can help developers build more secure software. Security modeling, modeling of e.g., threats and vulnerabilities, is one such method that, when integrated in the software development process, can help developers prevent security problems in software. We discuss these issues, and present how modeling tools, vulnerability repositories and development tools can be connected to provide support for secure software development
Keywords :
risk analysis; security of data; software engineering; security threats; software development; software lifecycle; software security modeling; vulnerability repositories; Computer security; Control systems; Information science; Information security; Programming; Risk analysis; Software engineering; Software measurement; Software quality; Software tools;
Conference_Titel :
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2775-2
DOI :
10.1109/ARES.2007.96
