DocumentCode :
3053311
Title :
Testing for security during development: why we should scrap penetrate-and-patch
Author :
McGraw, Gary
Author_Institution :
Reliable Software Technol., Sterling, VA, USA
fYear :
1997
fDate :
16-19 Jun 1997
Firstpage :
117
Lastpage :
119
Abstract :
In the commercial sector, security analysis has traditionally been applied at the network system level, after release, using tiger team approaches. After a successful tiger team penetration, specific system vulnerability is patched. I make a case for applying software engineering analysis techniques that have proven successful in the software safety arena to security-critical software code. This work is based on the generally held belief that a large proportion of security violations result from errors introduced during software development.
Keywords :
program debugging; program testing; safety-critical software; security of data; software development management; commercial sector; errors; network system level; penetrate-and-patch; program testing; security analysis; security critical software; security violations; software development; software engineering analysis techniques; software safety; system vulnerability; tiger team approach; Application software; Computer errors; Computer security; Information security; Instruments; Performance analysis; Programming; Software engineering; Software safety; Testing;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Assurance, 1997. COMPASS '97. Are We Making Progress Towards Computer Assurance? Proceedings of the 12th Annual Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
0-7803-3979-7
Type :
conf
DOI :
10.1109/CMPASS.1997.613270
Filename :
613270