Developing secure software is still a software engineering challenge because of the complexity of software security. Yet integrating security engineering and software engineering is increasingly important, especially for serviceoriented applications, as they are exposed to new security challenges due to their open nature. Current security engineering approaches do not consider existing security...

Software developers can use agile software development methods to build secure information systems. Current agile methods have few explicit security features. While several discrete security methods can supplement agile methods, few of these integrate seamlessly into other software development methods. Because of the severe constraints imposed by agile methods, these discrete security technique...

The number of security flaws in software is a costly problem. In 2004 more than ten new security vulnerabilities were found in commercial and open source software every day. More accurate and consistent security requirements could be a driving force towards more secure software. In a field study of eleven software projects including e-business, health care and military applications we have docu...

Security is a challenging task in software engineering. Enforcing security policies should be taken care of during the early phases of the software development life cycle to more efficiently integrate security into software. To this end, we present in this paper an aspect-oriented modeling approach for specifying and integrating security solutions into UML design models. The proposed approach c...

Software selection is an important consideration in managing the information security function. Open source software is touted by proponents as being robust to many of the security problems that seem to plague proprietary software. This study empirically investigates specific security characteristics of open source and proprietary operating system software. Software vulnerability data spanning ...

Federal agencies install many security controls for Federal Information Security Management Act (FISMA) implementation. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 revision 4 (rev4) standardizes these security and privacy controls. This article presents a study of NIST SP 800-53 security controls. The purpose is to classify the security controls from di...

~ b s m c t the functions of software-defined radio (SDR) can be changed by changing its software. Therefore, many security problems that have never been seen in the conventional fixed wireless terminals will arise. We assess the security issues of the SDR system by taking the distribution model of SDR terminal software into account. A universal security architecture for the SDR systems is prop...