The risks analysis like a practice of secure software development. A revision of models and methodologies

  • José Carrillo Verdún
  • Gloria Gasca Hurtado
  • Edmundo Tovar Caro
  • Vianca Vega Zepeda
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 213)

Abstract

This paper presents and analyzes risk analysis across the whole software development life cycle, framed as one of the recommended practices for secure software development. It presents and compares a set of risk analysis methodologies and strategies, taking as criteria the classifications proposed by different authors and the objectives those methodologies pursue, in order to orient them toward an evaluation criterion for secure software development.

Keywords

Risk Analysis, Software Development, Secure Software, Software Process Improvement, Quality, Risk

Copyright information

© International Federation for Information Processing 2006

Authors and Affiliations

  • José Carrillo Verdún (1)
  • Gloria Gasca Hurtado (1)
  • Edmundo Tovar Caro (1)
  • Vianca Vega Zepeda (2)
  1. Departamento de Lenguajes y Sistemas Informáticos e Ingeniería de Software, Universidad Politécnica de Madrid, Madrid, España
  2. Departamento de Ingeniería de Sistemas y Computación, Universidad Católica del Norte, Antofagasta, Chile