Software is an important resource. It contains and controls data and other resources. Thus measures must be taken to protect that data and resources. Thus Software Metrics are measurement of some properties of a piece of software or its specifications. Metrics are very important in Software Quality Measurement. Since Tom De Marco rightly stated “You can’t control what you can’t measure.” Softwa...

Due to constant pressure on software development team for development of workable software at a fast pace, the focus of the development team has always been on the functional requirements. As such, the identification and implementation of nonfunctional requirements, especially, security which otherwise is considered as a time consuming and quality providing process has always been neglected. Bu...

software security—remain blithely unaware of their critical role. Without their direct participation, software security will languish. In this installment of Building Security In, we describe a software security portal that the US Department of Homeland Security (DHS) National Cyber Security Division (NCSD) is developing (along with the Carnegie Mellon Software Engineering Institute [SEI] and C...

Security is an important and challenging aspect that needs to be considered at an early stage during software development. Traditional software development methodologies do not deal with security issues and so there is no structured guidance for security design and development; security is usually an afterthought activity. This paper discusses the integration of XP with security activities base...

business units and thus not even practiced in a cohesive, coherent manner. In the worst cases, busy business unit executives trade roving bands of developers like Pokémon cards in a fifth-grade classroom (in an attempt to get ahead). Suffice it to say, none of this is good. The disconnect between security and development has ultimately produced software development efforts that lack any sort of...

The importance of Software Security has been evident, since it has been shown that most attacks to software systems are based on vulnerabilities caused by software poorly designed and developed. Furthermore, it has been discovered that it is desirable to embed security already at design phase. Therefore, patterns aiming at enhancing the security of a software system, called security patterns, h...

While software security has become an expectation, stakeholders often have difficulty expressing such expectations. Elaborate (and expensive) frameworks to identify, analyze, validate and incorporate security requirements for large software systems (and organizations) have been proposed, however, small organizations working within short development lifecycles and minimal resources cannot justif...

Security refers the protection of software products from unauthorised access, alteration and destruction. Therefore, security requirement is a presently a major concern of software system and it is generally recommended to take care of security prior to software development process. Risk management is one of the most important aspects of security requirement engineering domain, which allows com...

Increasingly, the success of software systems depends largely on how their security requirements are satisfied. However, developers are challenged in implementing these requirements, mainly because of the gap between the specification and implementation, and the technical complexities of the current software infrastructures. Recently, Model-Driven Security has emerged as a new software developm...

Information Systems Security is one of the most critical challenges presently facing nearly every one of the organizations. However, making certain security and quality in both information and the systems which control information is a difficult goal necessitating the mixture of two wide research disciplines which are typically separate: security engineering and secure software engineering. Sec...