Risk-based Software Quality and Security Engineering in Data-intensive Environments

(Invited Keynote)

  • Conference paper
  • Book: Future Data and Security Engineering (FDSE 2018)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 11251)

Abstract

The concept of risk as a measure for the potential of gaining or losing something of value has been applied successfully for years in software quality engineering, e.g., for risk-based test case prioritization, and in security engineering, e.g., for security requirements elicitation. In practice, however, risks in both software quality engineering and security engineering are typically assessed manually, which tends to be subjective, non-deterministic, error-prone and time-consuming. As a consequence, risks are often not explicitly assessed at all, and the considerable potential of assessed risks to support decisions remains unexploited. In modern data-intensive environments, e.g., open online environments, continuous software development or IoT, the online, system or development environments continuously deliver data, which now makes it possible to assess and utilize software and security risks automatically. In this paper we first discuss the concept of risk in software quality and security engineering. We then present two current examples from software quality engineering and security engineering in which data-driven risk assessment is a key success factor: risk-based continuous software quality engineering in continuous software development, and risk-based security data extraction and processing in the open online web.




Correspondence to Michael Felderer.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Felderer, M. (2018). Risk-based Software Quality and Security Engineering in Data-intensive Environments. In: Dang, T., Küng, J., Wagner, R., Thoai, N., Takizawa, M. (eds) Future Data and Security Engineering. FDSE 2018. Lecture Notes in Computer Science, vol 11251. Springer, Cham. https://doi.org/10.1007/978-3-030-03192-3_2


  • DOI: https://doi.org/10.1007/978-3-030-03192-3_2


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03191-6

  • Online ISBN: 978-3-030-03192-3

  • eBook Packages: Computer Science, Computer Science (R0)
