Recent trends in software development practices (Agile, DevOps, CI) have shortened the development life-cycle, creating a need for efficient security-by-design approaches. In this context, software architectures are analyzed for potential vulnerabilities and design flaws. Yet, design flaws are often documented in natural language and require manual analysis, which is inefficient. Besides low-level vulnerability databases (e.g., CWE, CAPEC), there is little systematized knowledge on security design flaws. The purpose of this work is to present and evaluate a catalog of security design flaws accompanied by inspection guidelines for their detection. To this aim, we conduct empirical studies with master and doctoral students. This paper...
The cost of fixing system vulnerabilities and the risk associated with vulnerabilities after system ...
The article deals with the issues of organizing software weaknesses by the software architect at the...
The quality assurance technique software inspection is often not sufficiently appreciated, especiall...
Security by design is a key principle for realizing secure software systems and it is advised to hun...
Producing secure software is extremely hard to do right. The number of security flaws and vulnerabi...
Software engineers currently rely on lengthy source code reviews, testing, and static analysis tools...
Inspections can be used to identify defects in software artifacts. In this way, inspection methods h...
Defects in requirement specifications can have severe consequences during the software development l...
Defects in requirements specifications can have severe consequences during the software development ...
The architecture design of a software system plays a crucial role in addressing security requirement...
Context: Security is a growing concern in many organizations. Industries developing software systems...
Although security inspections have proven to be a very efficient means for assuring software securit...
Thesis (Master's)--University of Washington, 2021. Software development companies put a heavy investme...
Viewing security vulnerabilities as a specific type of software defect allows proven software engine...
Defects in requirements specifications can have severe consequences during the software development ...