
The current state of security -- Insights from the German software industry (2402.08436v3)

Published 13 Feb 2024 in cs.CR

Abstract: These days, software development and security go hand in hand. Numerous techniques and strategies that can be applied to guarantee the incorporation of security into the software development process are discussed in the literature. In this paper, the main ideas of secure software development discussed in the literature are outlined. Next, a dataset on their implementation in practice is gathered through a qualitative interview study involving 20 companies. Trends and correlations in this dataset are identified and contrasted with the theoretical ideas from the literature. The results show that the surveyed organizations are placing an increasing focus on security. Although the techniques covered in the literature are being used in practice, they are frequently not fully integrated into formal, standardized processes. The insights gained from our research lay the groundwork for future work, which can delve deeper into specific elements of these methods to enhance our understanding of their application in real-world scenarios.
