Title :
Security risks: management and mitigation in the software life cycle
Author :
Gilliam, David P.
Author_Institution :
Jet Propulsion Lab., California Inst. of Technol., Pasadena, CA, USA
Abstract :
A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects, which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Software Security Assessment Instrument (SSA1) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.
Keywords :
risk management; security of data; software development management; Defect Detection and Prevention risk management tool; JPL addresses; Software Security Assessment Instrument; security risk assessment tool; security risk management tool; security risk mitigation tool; software development management; software life cycle management; software security checklist; Capability maturity model; Collaborative software; Explosions; Information security; Instruments; Propulsion; Risk management; Software tools; State-space methods; Testing;
Conference_Titel :
Enabling Technologies: Infrastructure for Collaborative Enterprises, 2004. WET ICE 2004. 13th IEEE International Workshops on
Print_ISBN :
0-7695-2183-5
DOI :
10.1109/ENABL.2004.55
