Covering your assets in software engineering

ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings

Volumn , Issue , 2008, Pages 1172-1179

  Jaatun, Martin Gilje ^a   Tøndel, Inger Anne ^a  

^a SINTEF   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

ENGINEERING PROJECTS; INTERNATIONAL CONFERENCES; SECURITY REQUIREMENTS;

TECHNOLOGY;

SOFTWARE ENGINEERING;

EID: 49049100941     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2008.8     Document Type: Conference Paper

References (16)

1. I. A. Tøndel, M. G. Jaatun, and P.H. Meland, "Security requirements for the rest of us: A survey," IEEE Software, vol. 25, no. 1, 2008.
2. B. Schneier, "Attack Trees - Modeling security threats," Dr. Dobb's Journal, July 2001. [Online]. Available: http://www.ddj.com/ 184411129
3. Secure Software Inc. (2005) The CLASP Application Security Process. Secure Software Inc. [Online]. Available: http://www.securesoflware.com/ solulions/clasp.html
4. S. Lipner and M. Howard. (2005) The Trustworthy Computing Security Development Lifecycle. Microsoft. [Online]. Available: http: //msdn2.microsoft.com/en-us/library/ms995349.aspx
5. C. B. Haley, R. Laney, J. D. Moffett, and B. Nuseibeh, "Security requirements engineering: A framework for representation and analysis," IEEE Transactions on Software Engineering, vol. (to appear), 2007.
6. G. Boström, J. Wäyrynen, M. Bodén, K. Beznosov, and P. Kruchten, "Extending XP practices to support security requirements engineering," in SESS '06: Proceedings of the 2006 international workshop on Software engineering for secure systems. New York, NY, USA: ACM Press, 2006, pp. 11-18.
7. F. Swidersky and W. Snyder, Threat Modeling. Microsoft Professional, 2004.
8. I. Flechais, C. Mascolo, and M. A. Sasse, "Integrating security and usability into the requirements and design process," International Journal of Electronic Security and Digital Forensics, vol. 1, no. 1, pp. 12-26, 2007. [Online]. Available: hllp://inderscience. metapress.com/link.asp? id=j32 v 167864556552
9. R. A. Caralli, J. F. Stevens, L. R. Young, and W. R. Wilson, "Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process," CMU/SEI, Tech. Rep. CMU/SEI-2007-TR-012, 2007. [Online]. Available: http://www.cert.org/archive/pdf/07tr012.pdf
10. R. A. Caralli, "The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management," CMU/SEI, Tech. Rep. CMU/SEI-2004-TR-010, 2004. [Online]. Available: hllp://www.sei.cmu.edu/ publicalions/documents/04.reports/04tr010.html
11. T. Dybå, T. Dingsøyr, and N. B. Moe, Praktisk prosessforbedring - En håndbok for IT-bedrifter. Fagbokforlaget, 2002.
12. M. Aiken, M. Vanjani, and J. Paolillo, "A comparison of two electronic idea generation techniques," Information & Management, vol. 30, no. 2, pp. 91-99, 1996. [Online]. Available: http://www.sciencedirect.com/science/article/B6VD0-3VVVRD2-5/2/ e3a232f84f07347c8c8bd7ae65314dcf
13. C. E. Wilson, "Brainstorming pitfalls and best practices," interactions, vol. 13, no. 5, pp. 50-63, 2006.
14. D. M. Richie, "The Development of the C Language," in Second ACM History of Programming Languages Conference, April 1993.
15. (2007) SODA - a Security-Oriented Software Development Framework. SINTEF ICT. [Online]. Available: http://www.sintef.no/soda
16. M. J. Ranum, "Thinking about firewalls," in Proceed ings of Second International Conference on Systems and Network Security and Management (SANS-II), April 1994.