Affiliation:
1. Software Security Anti-patterns Research Group (SSA-RG), Facultad de Ingeniería de Sistemas, Escuela Politécnica Nacional, Quito 170525, Ecuador
2. Escuela de Ingeniería en Ciberseguridad, Facultad de Ingeniería y Ciencias Aplicadas, Universidad de Las Américas, Quito 170125, Ecuador
Abstract
Software development stands out as one of the most rapidly expanding markets due to its pivotal role in crafting applications across diverse sectors like healthcare, transportation, and finance. Nevertheless, the sphere of cybersecurity has also undergone substantial growth, underscoring the escalating significance of software security. Despite the existence of different secure development frameworks, vulnerabilities or software errors persist, providing potential exploitation opportunities for malicious actors. One pivotal contributor to subpar security quality within software lies in the neglect of cybersecurity requirements during the initial phases of software development. In this context, the focal aim of this study is to analyze the importance of integrating security modeling by software developers into the elicitation processes facilitated through the utilization of abuse stories. To this end, the study endeavors to introduce a comprehensive and generic model for a secure software development process. This model inherently encompasses critical elements such as new technologies, human factors, and the management of security for the formulation of abuse stories and their integration within Agile methodological processes.
Funder
Escuela Politécnica Nacional from Ecuador
Subject
Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering