DocumentCode :
2451717
Title :
Quantifying Security in Secure Software Development Phases
Author :
Khan, Muhammad Umair Ahmed ; Zulkernine, Mohammad
Author_Institution :
Sch. of Comput., Queen's Univ. Kingston, Kingston, ON
fYear :
2008
fDate :
July 28 2008-Aug. 1 2008
Firstpage :
955
Lastpage :
960
Abstract :
Secure software is crucial in today's software-dependent world. However, most of the time, security is not addressed from the very beginning of a software development life cycle (SDLC), and it is only incorporated after the software has been developed. Even when security is considered since the inception of the software development, there is no concrete way to quantify security of an SDLC artifact. This quantification is necessary to know about the security state of an SDLC artifact after each phase of software development. Moreover, this could help the software developers in allocating further resources to increase security and decrease the vulnerabilities in any software. In this paper, we use vulnerability occurrences to calculate a vulnerability index of an SDLC artifact that provides an indication about the existing vulnerabilities. Moreover, we calculate a security index by using the combined potential damage that can be caused due to vulnerabilities.
Keywords :
security of data; software development management; secure software development; software development life cycle; software vulnerability; Application software; Computer applications; Computer security; Concrete; Costs; Information security; Performance evaluation; Programming; Resource management; Software systems;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International
Conference_Location :
Turku
ISSN :
0730-3157
Print_ISBN :
978-0-7695-3262-2
Electronic_ISBN :
0730-3157
Type :
conf
DOI :
10.1109/COMPSAC.2008.173
Filename :
4591701