A Contextual Guidance Approach to Software Security

With the ongoing trend towards the globalization of software systems and their development, components in these systems might not only work together, but may end up evolving independently from each other. Modern IDEs have started to incorporate support for these highly distributed environments, by adding new collaborative features. As a result, assessing and controlling system quality (e.g. security concerns) during system evolution in these highly distributed systems become a major challenge. In this research, we introduce a unified ontological representation that integrates best security practices in a context-aware tool implementation. As part of our approach, we integrate information from traditional static source code analysis with semantic rich structural information in a unified ontological representation. We illustrate through several use cases how our approach can support the evolvability of software systems from a security quality perspective.