This paper presents the results obtained studying the prospective market of software security management systems in Russia that meet the requirements of national standards for secure software ...development. Basic national standards for secure software development in the context of software products certification are considered. The particulars of national and international standards harmonisation are addressed. Original conceptual models of secure software development are proposed. Statistical data on the introduction of safe procedures in serial production of information protection software is given. The peculiarities of the Russian market of secure software production are pointed out. The conclusion about the effectiveness and prospects of developing software security management systems as part of quality and information security management systems is made.
Meeting Industry Needs for Secure Software Development Mead, Nancy R.; Seshagiri, Girish; Howar, Julie
2016 IEEE 29th International Conference on Software Engineering Education and Training (CSEET),
04/2016
Conference Proceeding, Journal Article
In this paper, we describe a partnership between the Central Illinois Center of Excellence for Secure Software (CICESS) and Illinois Central College (ICC) that resulted in the creation of a two-year ...degree program in Secure Software Development. That program incorporated an apprenticeship model and the Software Engineering Institute's software assurance curriculum recommendations at the community college level. We describe the industry needs, the software assurance curriculum recommendations, how ICC implemented those recommendations, and the return on investment model presented to industry.
As time progresses, there is growth in the population of internet users, resulting in a rise in digital threats. Among these dangers, the prominence of phishing attacks has become a significant cause ...for concern due to their increasing frequency. The latest report from the Anti-Phising Working Group (APWG) stated that phishing attacks continued to increase from the third quarter of 2022 to the fourth quarter of 2022. This research contributes to reducing phishing attacks by providing convenience to the public in detecting phishing URLs through a secure mobile application. This study is the first to develop a secure mobile application for detecting phishing URLs using a deep learning-based detection method with the architecture of long short-term memory (LSTM) and gated recurrent unit (GRU). The application is developed using the secure software development lifecycle (SSDLC) agile scrum methodology. This method was selected due to the requirement for rapid and sustainable app development with potential threat mitigation. Threat mitigation is carried out through risk analysis, threat modeling, secure coding, and security testing. Based on the test results, the developed mobile application successfully mitigated 85.7% of potential threats, demonstrated robust security in its program codes, and exhibited 98.1% precision in detecting phishing URLs.
The Software-defined networking (SDN) is integrated into Low Earth Orbit (LEO) satellite for flexible and agile operation. This cutting-edge convergence has security risks that require detailed ...assessment. These security challenges include software vulnerabilities, compromised centralized control, security policies, open interfaces and APIs, protocol security, and authentication and authorization mechanisms. Therefore, we proposed an approach based on the Secure Software Development Life Cycle (SSDLC) to analyze and assess the security risk assessment of the LEO-SDN architecture. The security issues were investigated for LEO satellites with the SDN framework. The security of the software, the control mechanisms of SDN, and the inherent dynamics of LEO satellite networks were then assessed. The open interfaces in SDN and the communication protocol security between SDN and LEO were suggested.
Secure Software Developing Recommendations Grechko, Viktoria; Babenko, Tetiana; Myrutenko, Larysa
2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T),
2019-Oct.
Conference Proceeding
Adverse effects on information in the functioning computer systems of various purpose is carried out in order to violate their confidentiality, integrity and accessibility. These threats arise from ...software vulnerabilities and result in unauthorized access to data or leakage of sensitive information To solve this problem, firstly, an analysis of the software life cycle was carried out in order to determine the stages of software development. Secondly, taking into account the stages obtained, possible threats to information were identified. A buffer overflow vulnerability was considered as a basic example of a threat. Possible ways of exploiting this vulnerability are given, the pros and cons of detection and counteraction tools are analyzed. As a result, recommendations on the development of safe software are presented, both in general terms and more specific in order to avoid the buffer overflow vulnerability. Having using such recommendations, enterprises could reduce the risk of sensitive information breach and minimize outlane. The results obtained in the paper can also be used to make decisions about the possibility of operating the relevant software.
Towards Cooperative Games for Developing Secure Software in Agile SDLC Vaidhyanathan, Mithun; Si, Weisheng; Javadi, Bahman ...
2022 IEEE/ACIS 23rd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD),
2022-Dec.-7
Conference Proceeding
This work applies Game Theory to developing secure software. With the perspective of Game Theory, one can see secure software development as a game between software developers and software security ...engineers, who play this game repeatedly in processes such as agile Software Development Life Cycle (SDLC). The problem we observe is that there can be conflicts between these two players regarding who should find and fix certain software vulnerabilities. To solve this problem, our approach uses Mechanism Design in Game Theory to design games that enforce cooperation between these two players. In doing so, we identify the source of the conflicts between them by looking at the components of the software. These components may be the methods or functions in the software, or individual modules, or similar building blocks. The novelty of our work is that our mechanism constructs a game which allocates software components between these two players such that they work cooperatively while trying to maximize their own payoffs.
With the growing number of services on the Internet, the need for secure software development has increased. It is required for secure software development to consider security in the whole ...development life cycle. It is indispensable for secure software development to use various types of security knowledge. This study deals with security requirement analysis. Existing security requirements modeling systems do not provide a function to create an artifact while referring to security knowledge in an integrated manner. In this paper, the authors develop a modeling support system for a misuse case diagram that enables the association of knowledge with elements that constitute the diagram. The results of an experiment using the system show the system's usefulness in both the integration of the knowledge base with the artifact creation environment and the association of the knowledge with the elements of the diagram.
The security threats to software are increasing dramatically, and software security is non-negotiable in this age of information technology. AI-based tools can make code suggestions, improve ...developer productivity, and block insecure coding patterns for secure software development. In this paper, we analyze how GitHub Copilot provides AI assistants to erase code vulnerabilities and study how we should use AI assistants for secure software development.
PDF
