By Topic

The Road to Hell is Paved with Good Intentions: A Story of (In)secure Software Development

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Richard Sasson ; Norwegian Univ. of Sci. & Technol. (NTNU), Trondheim, Norway ; Martin Gilje Jaatun ; Jostein Jensen

In this paper, we present the results of a security assessment performed on a home care system based on SOA, realized as web services. The security design concepts of this platform were specifically tailored to meet new security challenges and to be compliant with legal frameworks applicable to the healthcare domain. This security design was fed as input to the development team,which implemented the system. However, our assessment revealed a software platform with severe security weaknesses and vulnerabilities, demonstrating pitfalls that are, or should be, well known. Our experience re-confirms that security must be built as an intrinsic software property and emphasizes the need for security awareness throughout the whole software development lifecycle.

Published in:

Availability, Reliability, and Security, 2010. ARES '10 International Conference on

Date of Conference:

15-18 Feb. 2010