research-article

Costing Secure Software Development: A Systematic Mapping Study

Authors:

Barry BoehmAuthors Info & Claims

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

Article No.: 9, Pages 1 - 11

https://doi.org/10.1145/3339252.3339263

Published: 26 August 2019 Publication History

Abstract

Building more secure software is a recent concern for software engineers due to increasing incidences of data breaches and other types of cyber attacks. However, software security, through the introduction of specialized practices in the software development life cycle, leads to an increase in the development cost. Although there are many studies on software cost models, few address the additional costs required to build secure software. We conducted a systematic review in the form of a mapping study to classify and analyze the literature related to the impact of security in software development costs. Our search strategy strove to achieve high completeness by the identification of a quasi-gold-standard set of papers, which we then used to establish a search string and retrieve papers from research databases automatically. The application of inclusion/exclusion criteria resulted in a final set of 54 papers, which were categorized according to the approach to software security cost analysis. Perform Security Review, Apply Threat Modeling, and Perform Security Testing were the three most frequent activities related to cost, and Common Criteria was the most applied standard. We also identified ten approaches to estimating software security costs for development projects; however, their validation remains a challenge, which could be addressed in future studies.

References

[1]

N. A. S. Abdullah, R. Abdullah, M. H. Selamat, and A. Jaafar. 2010. Extended function point analysis prototype with security costing estimation. In 2010 International Symposium on Information Technology, Vol. 3. 1297--1301.

[2]

Nur Atiqah Sia Abdullah, Rusli Abdullah, Mohd Hasan Selamat, and Azmi Jaafar. 2011. User Acceptance for Extended Function Point Analysis in Software Security Costing. In Software Engineering and Computer Systems (ICSECS). Springer, Berlin, Heidelberg, 346--360.

[3]

Jenny Abramov, Arnon Sturm, and Peretz Shoval. 2012. Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment. Information and Software Technology 54, 9 (Sept. 2012), 1029--1043.

Digital Library

[4]

J. Arunagiri, S. Rakhi, and K. P. Jevitha. 2016. A Systematic Review of Security Measures for Web Browser Extension Vulnerabilities. SpringerLink (2016), 99--112.

[5]

Tigist Ayalew, Tigist Kidane, and Bengt Carlsson. 2013. Identification and Evaluation of Security Activities in Agile Projects. In Secure IT Systems (Lecture Notes in Computer Science), Hanne Riis Nielson and Dieter Gollmann (Eds.). Springer Berlin Heidelberg, 139--153.

Digital Library

[6]

D. Baca, M. Boldt, B. Carlsson, and A. Jacobsson. 2015. A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting. In 2015 10th International Conference on Availability, Reliability and Security. 11--19.

Digital Library

[7]

Dejan Baca and Bengt Carlsson. 2011. Agile Development with Security Engineering Activities. In Proceedings of the 2011 International Conference on Software and Systems Process (ICSSP '11). ACM, New York, NY, USA, 149--158.

Digital Library

[8]

Dejan Baca, Bengt Carlsson, and Lars Lundberg. 2008. Evaluating the Cost Reduction of Static Code Analysis for Software Security. In Proceedings of the Third ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '08). ACM, New York, NY, USA, 79--88.

Digital Library

[9]

Dejan Baca, Bengt Carlsson, Kai Petersen, and Lars Lundberg. 2013. Improving software security with static automated code analysis in an industry setting. Software: Practice and Experience 43, 3 (March 2013), 259--279.

[10]

Dejan Baca and Kai Petersen. 2010. Prioritizing Countermeasures through the Countermeasure Method for Software Security (CM-Sec). In Product-Focused Software Process Improvement (PROFES). Springer, Berlin, Heidelberg, 176--190.

Digital Library

[11]

Dejan Baca and Kai Petersen. 2013. Countermeasure graphs for software security risk assessment: An action research. Journal of Systems and Software 86, 9 (2013), 2411--2428.

Digital Library

[12]

D. A. Barbosa and S. Sampaio. 2015. Guide to the Support for the Enhancement of Security Measures in Agile Projects. In 2015 6th Brazilian Workshop on Agile Methods (WBMA). 25--31.

[13]

Saleem Basha and Dhavachelvan Ponnurangam. 2010. Analysis of Empirical Software Effort Estimation Models. International Journal of Computer Science and Information Security 7, 3 (April 2010), 68--77. http://arxiv.org/abs/1004.1239arXiv: 1004.1239.

[14]

Punam Bedi, Vandana Gandotra, Archana Singhal, Himanshi Narang, and Sumit Sharma. 2013. Mitigating Multi-threats Optimally in Proactive Threat Management. SIGSOFT Softw. Eng. Notes 38, 1 (Jan. 2013), 1--7.

Digital Library

[15]

Barry Boehm, Chris Abts, and Sunita Chulani. 2000. Software development cost estimation approaches --- A survey. Annals of Software Engineering 10, 1 (Nov. 2000), 177--205.

Digital Library

[16]

B. Boehm and V. R. Basili. 2001. Top 10 list {software development}. Computer 34, 1 (Jan. 2001), 135--137.

Digital Library

[17]

Barry W. Boehm. 1981. Software Engineering Economics (1 edition ed.). Prentice Hall, Englewood Cliffs, N.J.

Digital Library

[18]

Amiangshu Bosu, Jeffrey C. Carver, Munawar Hafiz, Patrick Hilley, and Derek Janni. 2014. Identifying the Characteristics of Vulnerable Code Changes: An Empirical Study. In Proceedings of the 22Nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2014). ACM, New York, NY, USA, 257--268.

Digital Library

[19]

S. A. Butler. 2002. Security attribute evaluation method: a cost-benefit approach. In Proceedings of the 24th International Conference on Software Engineering. ICSE 2002. 232--240.

Digital Library

[20]

D. Byers and N. Shahmehri. 2009. Prioritisation and Selection of Software Security Activities. In 2009 International Conference on Availability, Reliability and Security. 201--207.

[21]

B. Carlsson and D. Baca. 2005. Software security analysis - execution phase audit. In 31st EUROMICRO Conference on Software Engineering and Advanced Applications. 240--247.

Digital Library

[22]

S. Chandra, R. A. Khan, and A. Agrawal. 2009. Security Estimation Framework: Design Phase Perspective. In 2009 Sixth International Conference on Information Technology: New Generations. 254--259.

Digital Library

[23]

Golriz Chehrazi, Irina Heimbach, and Oliver Hinz. 2016. The Impact of Security by Design on the Success of Open Source Software. In ECIS 2016 Proceedings. 18. http://aisel.aisnet.org/ecis2016_rp/179

[24]

Raoul Chiesa and Marco De Luca Saggese. 2016. Data Breaches, Data Leaks, Web Defacements: Why Secure Coding Is Important. Proceedings of 4th International Conference in Software Engineering for Defence Applications (2016), 261--271.

[25]

Ed Colbert and Dr Barry Boehm. 2008. Cost Estimation for Secure Software & Systems. In ISPA/SCEA 2008 Joint International Conference. The Netherlands, 9.

[26]

Daniela S. Cruzes and T. Dybå. 2011. Recommended Steps for Thematic Synthesis in Software Engineering. In 2011 International Symposium on Empirical Software Engineering and Measurement. 275--284.

Digital Library

[27]

Carlo Marcelo Revoredo da Silva, Jose Lutiano Costa da Silva, Ricardo Batista Rodrigues, Leandro Marques do Nascimento, and Vinicius Cardoso Garcia. 2013. Systematic Mapping Study On Security Threats in Cloud Computing. arXiv:1303.6782 {cs} (March 2013). http://arxiv.org/abs/1303.6782 arXiv: 1303.6782.

[28]

Salma Dammak, Faiza Ghozzi Jedidi, and Faiez Gargouri. 2016. Quantifying Security in Web ETL Processes. In Risks and Security of Internet and Systems (Lecture Notes in Computer Science), Costas Lambrinoudakis and Alban Gabillon (Eds.). Springer International Publishing, 160--173.

[29]

Stanislav Dashevskyi, Achim D. Brucker, and Fabio Massacci. 2016. On the Security Cost of Using a Free and Open Source Component in a Proprietary Product. In Engineering Secure Software and Systems. Springer, Cham, 190--206.

Digital Library

[30]

G. Deepa and P. Santhi Thilagam. 2016. Securing web applications from injection and logic vulnerabilities: Approaches and challenges. Information and Software Technology 74 (June 2016), 160--180.

Digital Library

[31]

G. Georg, K. Anastasakis, B. Bordbar, S. H. Houmb, I. Ray, and M. Toahchoodee. 2010. Verification and Trade-Off Analysis of Security Properties in UML System Models. IEEE Transactions on Software Engineering 36, 3 (May 2010), 338--356.

Digital Library

[32]

Matteo Giacalone, Federica Paci, Rocco Mammoliti, Rodolfo Perugino, Fabio Massacci, and Claudio Selli. 2014. Security triage: an industrial case study on the effectiveness of a lean methodology to identify security requirements. In Proceedings of the 8th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement - ESEM '14. ACM Press, Torino, Italy, 1--8.

Digital Library

[33]

Spyros T. Halkidis, Alexander Chatzigeorgiou, and George Stephanides. 2009. Moving from Requirements to Design Confronting Security Issues: A Case Study. In On the Move to Meaningful Internet Systems: OTM 2009 (Lecture Notes in Computer Science), Robert Meersman, Tharam Dillon, and Pilar Herrero (Eds.). Springer Berlin Heidelberg, 798--814.

Digital Library

[34]

Saman Hedayatpour, Nazri Kama, and Suriayati Chuprat. 2014. Analyzing Security Aspects during Software Design Phase using Attack-based Analysis Model. International Journal of Software Engineering and Its Applications (2014), 14.

[35]

Daniel Hein and Hossein Saiedian. 2009. Secure Software Engineering: Learning from the Past to Address Future Challenges. Information Security Journal: A Global Perspective 18, 1 (Feb. 2009), 8--25.

Digital Library

[36]

Chad Heitzenrater, Rainer Bohme, and Andrew Simpson. 2016. The Days Before Zero Day: Investment Models for Secure Software Engineering. 14.

[37]

Chad Heitzenrater and Andrew Simpson. 2016. A Case for the Economics of Secure Software Development. In Proceedings of the 2016 New Security Paradigms Workshop (NSPW '16). ACM, New York, NY, USA, 92--105.

Digital Library

[38]

C. Heitzenrater and A. Simpson. 2016. Misuse, Abuse and Reuse: Economic Utility Functions for Characterising Security Requirements. In 2016 11th International Conference on Availability, Reliability and Security (ARES). 572--581.

[39]

C. Heitzenrater and A. Simpson. 2016. Software Security Investment: The Right Amount of a Good Thing. In 2016 IEEE Cybersecurity Development (SecDev). 53--59.

[40]

Chad D Heitzenrater. 2017. Software Security Investment Modelling for Decision-Support. Ph.D. Dissertation. University of Oxford, Oxford. https://ora.ox.ac.uk/catalog/uuid:64ddd45e-87ab-4c92-a085-df2d0d4e22e0/download_file?file_format=pdf&safe_filename=2018.07.12-Dissertation-Heitzenrater-CORRECTIONS.pdf&type_of_work=Thesis

[41]

S. H. Houmb, G. Georg, R. France, J. Bieman, and J. Jurjens. 2005. Cost-benefit trade-off analysis using BBN for aspect-oriented risk-driven development. In 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05). 195--204.

Digital Library

[42]

Ali Idri, Mohamed Hosni, and Alain Abran. 2016. Systematic literature review of ensemble effort estimation. Journal of Systems and Software 118, Supplement C (Aug. 2016), 151--175.

Digital Library

[43]

Yurina Ito, Hironori Washizaki, Masatoshi Yoshizawa, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, Atsuo Hazeyama, Nobukazu Yoshioka, and Eduardo B. Fernandez. 2015. Systematic Mapping of Security Patterns Research. In Proceedings of the 22Nd Conference on Pattern Languages of Programs (PLoP '15). The Hillside Group, USA, 14:1--14:10. http://dl.acm.org/citation.cfm?id=3124497.3124514event-place: Pittsburgh, Pennsylvania.

Digital Library

[44]

M. Jorgensen and M. Shepperd. 2007. A Systematic Review of Software Development Cost Estimation Studies. IEEE Transactions on Software Engineering 33, 1 (Jan. 2007), 33--53.

Digital Library

[45]

G. Jourdan. 2007. Securing Large Applications Against Command Injections. In 2007 41st Annual IEEE International Carnahan Conference on Security Technology. 69--78.

[46]

N. F. Khan and N. Ikram. 2016. Security Requirements Engineering: A Systematic Mapping (2010-2015). In 2016 International Conference on Software Security and Assurance (ICSSA). 31--36.

[47]

Barbara Kitchenham and Pearl Brereton. 2013. A systematic review of systematic review process research in software engineering. Information and Software Technology 55, 12 (Dec. 2013), 2049--2075.

Digital Library

[48]

Barbara Ann Kitchenham, David Budgen, and Pearl Brereton. 2015. Evidence-Based Software Engineering and Systematic Reviews (1 edition ed.). Chapman and Hall/CRC, Boca Raton.

Digital Library

[49]

B. A. Kitchenham, E. Mendes, and G. H. Travassos. 2007. Cross versus Within-Company Cost Estimation Studies: A Systematic Review. IEEE Transactions on Software Engineering 33, 5 (May 2007), 316--329.

Digital Library

[50]

Leanid Krautsevich, Fabio Martinelli, and Artsiom Yautsiukhin. 2010. Formal Approach to Security Metrics.: What Does "More Secure" Mean for You?. In Proceedings of the Fourth European Conference on Software Architecture: Companion Volume (ECSA '10). ACM, New York, NY, USA, 162--169.

Digital Library

[51]

R. Kuhn, M. Raunak, and R. Kacker. 2017. It Doesn't Have to Be Like This: Cybersecurity Vulnerability Trends. IT Professional 19, 6 (Nov. 2017), 66--70.

[52]

Taeho Lee, Taewan Gu, and Jongmoon Baik. 2014. MND-SCEMP: an empirical study of a software cost estimation modeling process in the defense domain. Empirical Software Engineering 19, 1 (Feb. 2014), 213--240.

Digital Library

[53]

G. McGraw. 2004. Software security. IEEE Security Privacy 2, 2 (March 2004), 80--83.

Digital Library

[54]

Gary McGraw. 2006. Software Security: Building Security In (1 edition ed.). Addison-Wesley Professional, Upper Saddle River, NJ.

Digital Library

[55]

A. Mohammad, J. Alqatawna, and M. Abushariah. 2017. Secure software engineering: Evaluation of emerging trends. In 2017 8th International Conference on Information Technology (ICIT). 814--818.

[56]

Nabil M. Mohammed, Mahmood Niazi, Mohammad Alshayeb, and Sajjad Mahmood. 2017. Exploring software security approaches in software development lifecycle: A systematic mapping study. Computer Standards & Interfaces 50 (Feb. 2017), 107--115.

Digital Library

[57]

Patrick Morrison, Benjamin H. Smith, and Laurie Williams. 2017. Surveying Security Practice Adherence in Software Development. In Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp (HoTSoS). ACM, New York, NY, USA, 85--94.

Digital Library

[58]

Stephan Neuhaus, Thomas Zimmermann, Christian Holler, and Andreas Zeller. 2007. Predicting Vulnerable Software Components. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07). ACM, New York, NY, USA, 529--540.

Digital Library

[59]

Phu H. Nguyen, Max Kramer, Jacques Klein, and Yves Le Traon. 2015. An extensive systematic review on the Model-Driven Development of secure systems. Information and Software Technology 68 (Dec. 2015), 62--81.

Digital Library

[60]

Mohammed M. Olama and James Nutaro. 2013. Secure it now or secure it later: the benefits of addressing cyber-security from the outset. In Cyber Sensing 2013, Vol. 8757. International Society for Optics and Photonics, 87570L.

[61]

Lotfi Ben Othmane, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, and Achim D. Brucker. 2017. Time for Addressing Software Security Issues: Prediction Models and Impacting Factors. Data Science and Engineering 2, 2 (June 2017), 107--124.

[62]

Lotfi ben Othmane, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, Achim D. Brucker, and Philip Miseldine. 2015. Factors Impacting the Effort Required to Fix Security Vulnerabilities. In Information Security. Springer, Cham, 102--119.

Digital Library

[63]

Lotfi ben Othmane, Rohit Ranchal, Ruchith Fernando, Bharat Bhargava, and Eric Bodden. 2015. Incorporating attacker capabilities in risk estimation and mitigation. Computers & Security 51 (2015), 41--61.

Digital Library

[64]

Keun-Young Park, Sang-Guun Yoo, and Juho Kim. 2011. Security Requirements Prioritization Based on Threat Modeling and Valuation Graph. In Convergence and Hybrid Information Technology, Vol. 206. Springer Berlin Heidelberg, Berlin, Heidelberg, 142--152.

[65]

David A. Patterson. 2005. 20th Century vs. 21st Century C&C: The SPUR Manifesto. Commun. ACM 48, 3 (March 2005), 15--16.

Digital Library

[66]

J. Peeters and P. Dyson. 2007. Cost-Effective Security. IEEE Security Privacy 5, 3 (May 2007), 85--87.

Digital Library

[67]

M. Razzazi, M. Jafari, S. Moradi, H. Sharifipanah, M. Damanafshan, K. Fayazbakhsh, and A. Nickabadi. 2006. Common Criteria Security Evaluation: A Time and Cost Effective Approach. In 2006 2nd International Conference on Information Communication Technologies, Vol. 2. 3287--3292.

[68]

Donald J. Reifer, Barry W. Boehm, and Murali Gangadharan. 2003. Estimating the Cost of Security for COTS Software. In COTS-Based Software Systems. Springer, Berlin, Heidelberg, 178--186.

Digital Library

[69]

Kalle Rindell, Sami Hyrynsalmi, and Ville Leppänen. 2015. A Comparison of Security Assurance Support of Agile Software Development Methods. In Proceedings of the 16th International Conference on Computer Systems and Technologies (CompSysTech '15). ACM, New York, NY, USA, 61--68.

Digital Library

[70]

K. Rindell, S. Hyrynsalmi, and V. Leppänen. 2016. Case Study of Security Development in an Agile Environment: Building Identity Management for a Government Agency. In 2016 11th International Conference on Availability, Reliability and Security (ARES). 556--563.

[71]

Pilar Rodríguez, Alireza Haghighatkhah, Lucy Ellen Lwakatare, Susanna Teppola, Tanja Suomalainen, Juho Eskeli, Teemu Karvonen, Pasi Kuvaja, June M. Verner, and Markku Oivo. 2017. Continuous deployment of software intensive products and services: A systematic mapping study. Journal of Systems and Software 123 (Jan. 2017), 263--291.

[72]

Y. Shin, A. Meneely, L. Williams, and J. A. Osborne. 2011. Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities. IEEE Transactions on Software Engineering 37, 6 (Nov. 2011), 772--787.

Digital Library

[73]

Yonghee Shin and Laurie Williams. 2011. An Initial Study on the Use of Execution Complexity Metrics As Indicators of Software Vulnerabilities. In Proceedings of the 7th International Workshop on Software Engineering for Secure Systems (SESS '11). ACM, New York, NY, USA, 1--7.

Digital Library

[74]

Yonghee Shin and Laurie Williams. 2013. Can traditional fault prediction models be used for vulnerability prediction? Empirical Software Engineering 18, 1 (Feb. 2013), 25--59.

[75]

F. Shull, V. Basili, B. Boehm, A. W. Brown, P. Costa, M. Lindvall, D. Port, I. Rus, R. Tesoriero, and M. Zelkowitz. 2002. What we have learned about fighting defects. In Proceedings Eighth IEEE Symposium on Software Metrics. 249--258.

Digital Library

[76]

Alexander van den Berghe, Riccardo Scandariato, Koen Yskout, and Wouter Joosen. 2017. Design notations for secure software: a systematic literature review. Software & Systems Modeling 16, 3 (July 2017), 809--831.

Digital Library

[77]

Dilani Wickramaarachchi and Richard Lai. 2017. Effort estimation in global software development - a systematic review. Computer Science and Information Systems 14, 2 (2017), 393--421. http://www.doiserbia.nb.rs/Article.aspx?ID=1820-02141700007W&AspxAutoDetectCookieSupport=1

[78]

Laurie Williams. 2010. Agile Software Development Methodologies and Practices. In Advances in Computers, Marvin V. Zelkowitz (Ed.). Advances in Computers, Vol. Volume 80. Elsevier, 1--44. http://www.sciencedirect.com/science/article/pii/S0065245810800014

[79]

Laurie Williams, Michael Gegick, and Andrew Meneely. 2009. Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer. In Engineering Secure Software and Systems (Lecture Notes in Computer Science), Fabio Massacci, Samuel T. Redwine, and Nicola Zannone (Eds.). Springer Berlin Heidelberg, 122--134.

Digital Library

[80]

L. Williams, A. Meneely, and G. Shipley. 2010. Protection Poker: The New Software Security "Game";. IEEE Security Privacy 8, 3 (May 2010), 14--20.

Digital Library

[81]

Claes Wohlin. 2014. Guidelines for Snowballing in Systematic Literature Studies and a Replication in Software Engineering. In Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering (EASE '14). ACM, New York, NY, USA, 38:1--38:10.

Digital Library

[82]

L. Yang, X. Li, and Y. Yu. 2017. VulDigger: A Just-in-Time and Cost-Aware Tool for Digging Vulnerability-Contributing Changes. In GLOBECOM 2017 - 2017 IEEE Global Communications Conference. 1--7.

[83]

Ye Yang, Jing Du, and Qing Wang. 2015. Shaping the Effort of Developing Secure Software. Procedia Computer Science 44 (2015), 609--618.

[84]

He Zhang, Muhammad Ali Babar, and Paolo Tell. 2011. Identifying relevant studies in software engineering. Information and Software Technology 53, 6 (June 2011), 625--637.

Digital Library

[85]

J. Zheng, J. Wan, Y. Ren, and H. Guo. 2012. A jump-diffusion approach to modelling software security investment. In 2012 Fifth International Conference on Business Intelligence and Financial Engineering. 274--278.

Digital Library

Cited By

Venson EClark BBoehm B(2024)The effects of required security on software development effortJournal of Systems and Software10.1016/j.jss.2023.111874207:COnline publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1016/j.jss.2023.111874
Khalid ARaza MAfsar PKhan RMohmand MRahman H(2024)A SWOT Analysis of Software Development Life Cycle Security MetricsJournal of Software: Evolution and Process10.1002/smr.2744Online publication date: 27-Nov-2024
https://doi.org/10.1002/smr.2744
Marjanovic JDalcekovic NSladic G(2023)Blockchain-based model for tracking compliance with security requirementsComputer Science and Information Systems10.2298/CSIS210923060M20:1(359-380)Online publication date: 2023
https://doi.org/10.2298/CSIS210923060M
Show More Cited By

Index Terms

Costing Secure Software Development: A Systematic Mapping Study
1. Security and privacy
  1. Software and application security
    1. Software security engineering
2. Software and its engineering
  1. Software creation and management
    1. Designing software
      1. Software implementation planning

Recommendations

The effects of required security on software development effort
ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering: Companion Proceedings

Problem: developers are increasingly adopting security practices in software projects in response to cyber threats. Despite the additional effort required to perform those practices, current cost models either do not consider security as an input or ...
Software security in agile software development: a literature review of challenges and solutions
XP '18: Proceedings of the 19th International Conference on Agile Software Development: Companion

There has been a surge in number of software security threats and vulnerabilities in recent times. At the same time, expectations towards software and data security are growing. Thus there is a need to ensure that security-related tasks are effectively ...
Guidelines for secure software development
SAICSIT '08: Proceedings of the 2008 annual research conference of the South African Institute of Computer Scientists and Information Technologists on IT research in developing countries: riding the wave of technology

It is within highly integrated technology environments that information security is becoming a focal point for designing, developing and deploying software applications. Ensuring a high level of trust in the security and quality of these applications is ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

August 2019

979 pages

ISBN:9781450371643

DOI:10.1145/3339252

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 August 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ARES '19

ARES '19: 14th International Conference on Availability, Reliability and Security

August 26 - 29, 2019

CA, Canterbury, United Kingdom

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
718
Total Downloads

Downloads (Last 12 months)55
Downloads (Last 6 weeks)10

Reflects downloads up to 16 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Venson EClark BBoehm B(2024)The effects of required security on software development effortJournal of Systems and Software10.1016/j.jss.2023.111874207:COnline publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1016/j.jss.2023.111874
Khalid ARaza MAfsar PKhan RMohmand MRahman H(2024)A SWOT Analysis of Software Development Life Cycle Security MetricsJournal of Software: Evolution and Process10.1002/smr.2744Online publication date: 27-Nov-2024
https://doi.org/10.1002/smr.2744
Marjanovic JDalcekovic NSladic G(2023)Blockchain-based model for tracking compliance with security requirementsComputer Science and Information Systems10.2298/CSIS210923060M20:1(359-380)Online publication date: 2023
https://doi.org/10.2298/CSIS210923060M
Sparks HGhosh K(2023)NUVER: Network Based Vulnerability Visualizer2023 IEEE 30th Annual Software Technology Conference (STC)10.1109/STC58598.2023.00010(16-19)Online publication date: 25-Sep-2023
https://doi.org/10.1109/STC58598.2023.00010
Rauf IPetre MTun TLopez TNuseibeh B(2023)Security Thinking in Online Freelance Software Development2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Society (ICSE-SEIS)10.1109/ICSE-SEIS58686.2023.00008(13-24)Online publication date: May-2023
https://doi.org/10.1109/ICSE-SEIS58686.2023.00008
Glasauer C(2023)The Prevent-ModelJournal of Systems and Software10.1016/j.jss.2022.111548195:COnline publication date: 1-Jan-2023
https://dl.acm.org/doi/10.1016/j.jss.2022.111548
Ardo ABass JGaber T(2023)Implications of regulatory policy for building secure agile software in Nigeria: A grounded theoryTHE ELECTRONIC JOURNAL OF INFORMATION SYSTEMS IN DEVELOPING COUNTRIES10.1002/isd2.1228589:6Online publication date: 18-Jun-2023
https://doi.org/10.1002/isd2.12285
Ardagna CBena Nde Pozuelo R(2022)Bridging the Gap Between Certification and Software DevelopmentProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3539012(1-10)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3539012
Hu BXu SCao ZZhou M(2022)Safety-Guaranteed and Development Cost- Minimized Scheduling of DAG Functionality in an Automotive SystemIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2020.303060723:4(3074-3086)Online publication date: Apr-2022
https://doi.org/10.1109/TITS.2020.3030607
Khan RKhan SAlzahrani MIlyas M(2022)Security Assurance Model of Software Development for Global Software Development VendorsIEEE Access10.1109/ACCESS.2022.317830110(58458-58487)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3178301
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents