Towards a Secure Software Development Lifecycle with SQUARE+R

2 Author(s)
Yu, W.D. ; Comput. Eng. Dept., San Jose State Univ., San Jose, CA, USA ; Le, K.

Software security has been recognized to be an important trait for future software development, yet the adoption of a secure software development lifecycle has yet to be fully integrated into current software development models. This is due to immaturities in secure software development lifecycle models and the lengthy development time imposed by security. To further exacerbate the current rampant growth of software vulnerabilities, the future direction for software is moving rapidly into the web space. With the expansive use of Web Services, a new attack space is opened. As mobile code increases, so will the number of software bugs and vulnerabilities; hence the need for adopting a secure software development model. The need to build a knowledge base of common coding errors is important in exposing current vulnerabilities and preventing future vulnerabilities. In this paper, a study of the current growth of software vulnerabilities, the importance of a categorization tool, the SQUARE model, the evolution of the SQUARE model combined with the Risk Management Framework to produce the SQUARE+R model, and the adaptability of the SQUARE+R model to an agile development lifecycle are presented.

Published in:

Computer Software and Applications Conference Workshops (COMPSACW), 2012 IEEE 36th Annual

Date of Conference:

16-20 July 2012