291,063 research outputs found
A model for integrating information security into the software development life cycle
It is within highly integrated technology environments that information security is becoming a focal point for designing, developing and deploying software applications. Ensuring a high level of trust in the security and quality of these applications is crucial to their ultimate success. Therefore, information security has become a core requirement for software applications, driven by the need to protect critical assets and the need to build and preserve widespread trust in computing. However, a common weakness that is inherent in the traditional software development methodologies is the lack of attention given to the security aspects of software development. Most of these methodologies do not explicitly include a standardised method for incorporating information security into their life cycles. Meaningful security can be achieved when information security issues are considered as part of a routine development process, and security safeguards are integrated into the software application throughout its life cycle. This, in turn, will lead to users being more confident to use software applications, and to entrust today's computer systems with their personal information. To build better or more secure software, an improved software development process is required. Security of a software application must be based on the risk associated with the application. In order to understand this risk, the relevant information assets need to be identified together with their threats and vulnerabilities. Therefore, security considerations provide input into every phase of the Software Development Life Cycle (SDLC), from requirements gathering to design, implementation, testing and deployment. This research project presents a Secure Software Development Model (SecSDM) for incorporating information security into all phases of the SDLC, from requirements gathering to systems maintenance. The SecSDM is based on many of the recommendations provided by relevant international standards and best practices, for example, the ISO 7498-2 (1989) standard which addresses the underlying security services and mechanisms that form an integral part of the model
Software reliability and dependability: a roadmap
Shifting the focus from software reliability to user-centred measures of dependability in complete software-based systems. Influencing design practice to facilitate dependability assessment. Propagating awareness of dependability issues and the use of existing, useful methods. Injecting some rigour in the use of process-related evidence for dependability assessment. Better understanding issues of diversity and variation as drivers of dependability. Bev Littlewood is founder-Director of the Centre for Software Reliability, and Professor of Software Engineering at City University, London. Prof Littlewood has worked for many years on problems associated with the modelling and evaluation of the dependability of software-based systems; he has published many papers in international journals and conference proceedings and has edited several books. Much of this work has been carried out in collaborative projects, including the successful EC-funded projects SHIP, PDCS, PDCS2, DeVa. He has been employed as a consultant t
Recommended from our members
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
Safety-Critical Systems and Agile Development: A Mapping Study
In the last decades, agile methods had a huge impact on how software is
developed. In many cases, this has led to significant benefits, such as quality
and speed of software deliveries to customers. However, safety-critical systems
have widely been dismissed from benefiting from agile methods. Products that
include safety critical aspects are therefore faced with a situation in which
the development of safety-critical parts can significantly limit the potential
speed-up through agile methods, for the full product, but also in the
non-safety critical parts. For such products, the ability to develop
safety-critical software in an agile way will generate a competitive advantage.
In order to enable future research in this important area, we present in this
paper a mapping of the current state of practice based on {a mixed method
approach}. Starting from a workshop with experts from six large Swedish product
development companies we develop a lens for our analysis. We then present a
systematic mapping study on safety-critical systems and agile development
through this lens in order to map potential benefits, challenges, and solution
candidates for guiding future research.Comment: Accepted at Euromicro Conf. on Software Engineering and Advanced
Applications 2018, Prague, Czech Republi
Ethical and Social Aspects of Self-Driving Cars
As an envisaged future of transportation, self-driving cars are being
discussed from various perspectives, including social, economical, engineering,
computer science, design, and ethics. On the one hand, self-driving cars
present new engineering problems that are being gradually successfully solved.
On the other hand, social and ethical problems are typically being presented in
the form of an idealized unsolvable decision-making problem, the so-called
trolley problem, which is grossly misleading. We argue that an applied
engineering ethical approach for the development of new technology is what is
needed; the approach should be applied, meaning that it should focus on the
analysis of complex real-world engineering problems. Software plays a crucial
role for the control of self-driving cars; therefore, software engineering
solutions should seriously handle ethical and social considerations. In this
paper we take a closer look at the regulative instruments, standards, design,
and implementations of components, systems, and services and we present
practical social and ethical challenges that have to be met, as well as novel
expectations for software engineering.Comment: 11 pages, 3 figures, 2 table
Recommended from our members
Assessing the Risk due to Software Faults: Estimates of Failure Rate versus Evidence of Perfection.
In the debate over the assessment of software reliability (or safety), as applied to critical software, two extreme positions can be discerned: the ‘statistical’ position, which requires that the claims of reliability be supported by statistical inference from realistic testing or operation, and the ‘perfectionist’ position, which requires convincing indications that the software is free from defects. These two positions naturally lead to requiring different kinds of supporting evidence, and actually to stating the dependability requirements in different ways, not allowing any direct comparison. There is often confusion about the relationship between statements about software failure rates and about software correctness, and about which evidence can support either kind of statement. This note clarifies the meaning of the two kinds of statement and how they relate to the probability of failure-free operation, and discusses their practical merits, especially for high required reliability or safety
Project Quality of Offshore Virtual Teams Engaged in Software Requirements Analysis: An Exploratory Comparative Study
The off-shore software development companies in countries such as India use a global delivery model in which initial requirement analysis phase of software projects get executed at client locations to leverage frequent and deep interaction between user and developer teams. Subsequent phases such as design, coding and testing are completed at off-shore locations. Emerging trends indicate an increasing interest in off-shoring even requirements analysis phase using computer mediated communication. We conducted an exploratory research study involving students from Management Development Institute (MDI), India and Marquette University (MU), USA to determine quality of such off-shored requirements analysis projects. Our findings suggest that project quality of teams engaged in pure off-shore mode is comparable to that of teams engaged in collocated mode. However, the effect of controls such as user project monitoring on the quality of off-shored projects needs to be studied further
- …