Title :
Testing for security during development: why we should scrap penetrate-and-patch
Author_Institution :
Reliable Software Technol., Sterling, VA, USA
Abstract :
In the commercial sector security analysis has traditionally been applied at the network system level, after release, using tiger team approaches. After a successful tiger team penetration, specific system vulnerability is patched. I make a case for applying software engineering analysis techniques that have proven successful in the software safety arena to security-critical software code. This work is based on the generally held belief that a large proportion of security violations result from errors introduced during software development
Keywords :
program debugging; program testing; safety-critical software; security of data; software development management; commercial sector; errors; network system level; penetrate-and-patch; program testing; security analysis; security critical software; security violations; software development; software engineering analysis techniques; software safety; system vulnerability; tiger team approach; Application software; Computer errors; Computer security; Information security; Instruments; Performance analysis; Programming; Software engineering; Software safety; Testing;
Conference_Titel :
Computer Assurance, 1997. COMPASS '97. Are We Making Progress Towards Computer Assurance? Proceedings of the 12th Annual Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
0-7803-3979-7
DOI :
10.1109/CMPASS.1997.613270