Security Verification and Validation by Software SMEs: Theory versus Practice
نویسندگان
چکیده
To improve software engineering practice it is essential to observe the socio-technical realities that surround software development within an industrial context. There is a lack of empirical knowledge of security verification and validation practice within an SME context. When coupled with the recognised importance, and inherent complexities, of such practice, it appears fundamentally sound to understand the faced socio-technical realities to ensure continued process improvement and improved technology adoption and research guidance. Within this research-in-progress paper we highlight the importance of obtaining such an understanding.
منابع مشابه
Security V&V Within Software SMEs: A Socio-Technical Interaction Network Analysis
Within this paper we provide insight into how the activities associated with security verification and validation (V&V) are practiced, supported, and perceived, within software SMEs. We justify the importance of studying security V&V as a socio-technical activity and employ the Socio-Technical Interaction Network (STIN) framework when presenting the results of an industry-based empirical study....
متن کاملChecking probabilistic noninterference using JOANA
JOANA is a tool for software security analysis, checking up to 100kLOC of full multi-threaded Java. JOANA is based on sophisticated program analysis techniques and thus very precise. It includes a new algorithm guaranteeing probabilistic noninterference, named RLSOD. JOANA needs few annotations and has a nice GUI. The tool is open source and was applied in several case studies. The article pres...
متن کاملQuantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
متن کاملScott A. Smolka Research Statement
The primary focus of my research is the computer-aided verification and validation of computer systems, including concurrent and distributed systems; security, network and wireless protocols; software systems; biological systems; and safety-critical and embedded systems. Throughout my career I have been interested in both the computational complexity and algorithmica of verification, striving t...
متن کاملValidating Computer Security Methods: Meta-methodology for an Adversarial Science
Recent explorations on the science or theory of computer security have been hindered by its unique properties. We confront this by precisely defining those properties: that computer security is adversarial and engineered, and that because of this it is contextual. We use these definitions to address the practical question of how we can justify the validity of our methods. To answer this meta-me...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012