research-article

Security by Design in Software Engineering

Author:
Mark Kreitz

Bundeswehr University Munich, Munich, Germany

Bundeswehr University Munich, Munich, Germany
View Profile

Authors Info & Claims

ACM SIGSOFT Software Engineering Notes Volume 44 Issue 3July 2019pp 23https://doi.org/10.1145/3356773.3356798

Published:22 October 2020Publication History

ACM SIGSOFT Software Engineering Notes

Abstract

Security is a non-functional requirement difficult-to-handle during software development. However, it appears to be common in software engineering, that security is taken care of during the design- and test-phase only. If security is neglected during the implementation phase, flaws will be introduced. Those may be - if at all - found during testing where the cost-to-fix is higher as if found during the implementation phase. Hence, this research proposal suggests to investigate the extent to which code analysis tools can be used as a step towards continuous security inspection in software engineering projects. By automating security testing in development flaws can be found as soon as they are introduced. This could greatly reduce the cost to fix flaws and help building more secure software.

Index Terms

Security by Design in Software Engineering
1. Software and its engineering
  1. Software creation and management
    1. Software development process management

Index terms have been assigned to the content through auto-classification.

Recommendations

Towards ensuring security by design in cyber-physical systems engineering processes
ICSSP '18: Proceedings of the 2018 International Conference on Software and System Process

Engineering cyber-physical systems secure by design requires engineers to consider security from the ground up. However, current systems engineering processes are not tailored to cyber-physical systems, or lack an integration with security engineering. ...
Read More
DLR secure software engineering: position and vision paper
SEAD '18: Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment

DLR as research organization increasingly faces the task to share its self-developed software with partners or publish openly. Hence, it is very important to harden the softwares to avoid opening attack vectors. Especially since DLR software is ...
Read More
Exploring Security Procedures in Secure Software Engineering: A Systematic Mapping Study
EASE '22: Proceedings of the 26th International Conference on Evaluation and Assessment in Software Engineering

Various new technologies have developed as software security solutions have become more critical. One of the essential parts of software quality is the product's security. Though providing examples covering all phases of secure software development is ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM SIGSOFT Software Engineering Notes Volume 44, Issue 3
July 2019
100 pages
ISSN:0163-5948
DOI:10.1145/3356773
Editors:
John Georgas
Northern Arizona University, USA
,
Dietmar Pfahl,
Will Tracz
Issue’s Table of Contents
Copyright © 2019 Copyright is held by the owner/author(s)
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 22 October 2020
Check for updates
Author Tags
application security testing
code analysis
secure software engineering
security by design
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 10
  Total Citations
  View Citations
- 682
  Total Downloads
- Downloads (Last 12 months)130
- Downloads (Last 6 weeks)12
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Security by Design in Software Engineering

ACM SIGSOFT Software Engineering Notes

Abstract

Cited By

Index Terms

Recommendations

Towards ensuring security by design in cyber-physical systems engineering processes

DLR secure software engineering: position and vision paper

Exploring Security Procedures in Secure Software Engineering: A Systematic Mapping Study