Ali, Azmzt ; Othmane, Lotfi Ben
:
Towards effective security assurance for incremental software development - the case of zen cart application,.
Proc. of the 11th International Conference on Availabil- ity, Reliability and Security (ARES)
[
Konferenzveröffentlichung]
, (2016)
Kurzbeschreibung (Abstract)
Incremental software development methods, such as Scrum embrace code changes to meet changing customer requirements. However, changing the code of a given software invalidates the security assurance of the software. Thus, each new version of a given software requires a new full security assessment. This paper investigates the impact of incremental development of software on their security assurances using the e-commerce software Zen Cart as a case study. It also describes a prototype we are developing to design security assurance cases and trace the impact of code changes on the security assurance of the given software. A security assurance case shows how a claim, such as ”The system is acceptably secure” is supported by objective evidence.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2016 |
| Autor(en): | Ali, Azmzt ; Othmane, Lotfi Ben |
| Titel: | Towards effective security assurance for incremental software development - the case of zen cart application, |
| Sprache: | Deutsch |
| Kurzbeschreibung (Abstract): | Incremental software development methods, such as Scrum embrace code changes to meet changing customer requirements. However, changing the code of a given software invalidates the security assurance of the software. Thus, each new version of a given software requires a new full security assessment. This paper investigates the impact of incremental development of software on their security assurances using the e-commerce software Zen Cart as a case study. It also describes a prototype we are developing to design security assurance cases and trace the impact of code changes on the security assurance of the given software. A security assurance case shows how a claim, such as ”The system is acceptably secure” is supported by objective evidence. |
| Buchtitel: | Proc. of the 11th International Conference on Availabil- ity, Reliability and Security (ARES) |
| Freie Schlagworte: | Cloud Security;Secure Software Engineering Group;agile security, zen cart, incremental development |
| Fachbereich(e)/-gebiet(e): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy Profilbereiche > Cybersicherheit (CYSEC) LOEWE > LOEWE-Zentren Profilbereiche LOEWE |
| Hinterlegungsdatum: | 30 Dez 2016 20:23 |
| ID-Nummer: | TUD-CS-2016-0123 |
| Verwandte URLs: | |
| Export: |
Optionen (nur für Redakteure)
 |
Eintrag anzeigen |
Drucken
Impressum