Security Engineering Approach to Support Software Security

3 Author(s)
Francisco José Barreto Nunes ; Mestrado em Inf. Aplic., Univ. de Fortaleza, Fortaleza, Brazil ; Arnaldo Dias Belchior ; Adriano Bessa Albuquerque

As information security and privacy become increasingly important to organizations, the demand grows for software development processes that assure information integrity, availability, and confidentiality. Unfortunately, despite the investments made in process improvement, there is still no guarantee that the developed software products are protected from attacks or do not present security vulnerabilities. As long as software products continue to present security flaws and be compromised by attacks, the Systems Security Engineering - Capability Maturity Model (SSE-CMM) becomes the de facto model to structure a software security approach. Moreover, security best practices, practical experience or international standards, like ISO/IEC 15408, should also be considered to support security engineering as they propose activities that can be adapted to enhance security in a software development process and contribute towards the overall software security. This paper proposes a security engineering approach to support software security through a specialized process that helps develop more secure software, entitled Process to Support Software Security (PSSS). In addition, one of PSSS's subprocesses, Model Security Threat, is explained in detail. This paper also presents the results of the case study when the PSSS was first applied in a software development project as well as the preliminary results of a large project implementation.

Published in: 2010 6th World Congress on Services

Date of Conference: 5-10 July 2010