3 research outputs found

    An Ontology-Based Context Model for Managing Security Knowledge in Software Development

    Software security has been the focus of the security community and practitioners over the past decades. Much security information is widely available in books, open literature or on the internet. We argue that the generated huge mass of information has resulted in a form of information overload to software engineers who usually finish reading it without being able to apply those principles clearly to their own application context. Our research tackles software security issues from a knowledge management perspective. In this paper, we present an ontology approach to model the knowledge of software security in a context-sensitive manner, supporting software engineers and learners to enable the correlation process between security domain knowledge and their working context. We also propose a web-based application for security knowledge sharing and learning where the ontology is adopted as the central knowledge repository.

    Ontology-based context-sensitive software security knowledge management modeling

    The disconcerting increase in the number of security attacks on software calls for an imminent need for including secure development practices within the software development life cycle. The software security management system has received considerable attention lately and various efforts have been made in this direction. However, security is usually only considered in the early stages of the development of software. Thus, this leads to stating other vulnerabilities from a security perspective. Moreover, despite the abundance of security knowledge available online and in books, the systems that are being developed are seldom sufficiently secure. In this paper, we have highlighted the need for including application context sensitive modeling within a case-based software security management system. Furthermore, we have taken the context-driven and ontology-based frameworks and prioritized their attributes according to their weights which were achieved by using the Fuzzy AHP methodology

    A Systematic Literature Review of The Role of Ontology in Modeling Knowledge in Software Development Processes

    Ontologies in software development are explained as showing the properties of a subject area and how they are related to each other by defining a set of concepts and categories that represent the subject. It is used to determine the ambiguity in the software requirements specification. Although claimed to be beneficial, the software development communities are still unfamiliar with the role of Ontology in modeling knowledge in software development processes. Moreover, not much has been known about the role of Ontology in software engineering processes. Our goal is to map and explain the evidence about the role of Ontology in Modelling Knowledge and the challenge faced by the software engineering team to understand how far ontology can help them determine the ambiguity in modeling and software development processes. We conducted a systematic review of the literature published between 2012 and 2021 and identified 150 papers that discuss the role of ontology in modeling knowledge in software development processes. We formulated and applied specific inclusion and exclusion criteria in two rounds to determine the most relevant studies for our research goal. The review identified 22 practices that explain ontologies' primary role in software development processes. However, our findings suggest ontology's role in software engineering as a research context needs additional attention. A more empirical result is required to understand better the role of ontology in modeling knowledge in software development with non-functional requirements and self-organizing teams