Chapter

Engineering Secure Future Internet Services and Systems

Volume 8431 of the series Lecture Notes in Computer Science pp 234-265

Evaluation of Engineering Approaches in the Secure Software Development Life Cycle

  • Marianne BuschAffiliated withInstitute for Informatics, Ludwig-Maximilians-Universität München
  • , Nora KochAffiliated withInstitute for Informatics, Ludwig-Maximilians-Universität München
  • , Martin WirsingAffiliated withInstitute for Informatics, Ludwig-Maximilians-Universität München

* Final gross prices may vary according to local VAT.

Get Access

Abstract

Software engineers need to find effective methods, appropriate notations and tools that support the development of secure applications along the different phases of the Software Development Life Cycle (SDLC). Our evaluation approach, called SecEval, supports the search and comparison of these artifacts. SecEval comprises: (1) a workflow that defines the evaluation process, which can be easily customized and extended; (2) a security context model describing security features, methods, notations and tools; (3) a data collection model, which records how data is gathered when researchers or practitioners are looking for artifacts that solve a specific problem; (4) a data analysis model specifying how analysis, using previously collected data, is performed; and (5) the possibility to easily extend the models, which is exemplarily shown for risk rating and experimental approaches. The validation of SecEval was performed for tools in the web testing domain.