Catalog of metrics for assessing security risks of software throughout the software development life cycle

Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

Volumn , Issue , 2008, Pages 461-465

  Sultan, Khalid ^a   En Nouaary, Abdeslam ^a   Hamou Lhadj, Abdelwahab ^a  

^a Dept of Electrical and Computer Engineering   (Canada)

Author keywords

Design for security; Security metrics; Software development lifecycle; Software security

Indexed keywords

INFORMATION SERVICES; OCCUPATIONAL RISKS; PROCESS ENGINEERING; PROJECT MANAGEMENT; RISK ASSESSMENT; SOFTWARE DESIGN; SOFTWARE ENGINEERING;

DESIGN FOR SECURITY; SECURITY METRICS; SECURITY RISKS; SOFTWARE DEVELOPMENT LIFECYCLE; SOFTWARE SECURITY;

RISKS;

EID: 51349102117     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISA.2008.104     Document Type: Conference Paper

References (16)

1. G. McGraw, Software Security, Journal of IEEE Security and Privacy, 2004, 80-83.
2. th International Workshops on Enabling Technologies, 2003, 243-248.
3. J. Viega, G. McGraw, Building Secure Software: How to Avoid Security Problems the Right Way (Addison-Wesley, 2002).
4. N. Davis, "Developing Secure Software", Software Tech News: Secure Software Engineering, 8(2), 2005.
5. M. Bishop, Computer Security: Art and Science (Addison-Wesley, 2002).
6. G. McGraw, Software Security: Building Security In (Addison-Wesley, 2006).
7. th Annual Conference on Information Security for South Africa, 2004.
8. M. Swanson, N. Bartol, J. Sabato, J. Hash, and L. Graffo, Security Metrics Guide for Information Technology Systems, NIST Special Publication 800-55, National Institute of Standards and Technology, 2003.
9. J. C. Munson, Software Engineering Measurement (Auerbach Publications, 2003).
10. S.C. Payne, A Guide to Security Metrics, SANS Security Essentials GSEC Practical Assignment, 2001.
11. R. Scandariato, B. D. Win, and W. Joosen, Towards a Measuring Framework for Security Properties of Software, In Proc. of the 2nd workshop on Quality of Protection, 2006, 27-30.
12. P. Goodman, Software Metrics: Best Practices for Successful IT Management (Rothstein Associates Inc., 2004).
13. S. A. Whitmine, Object Oriented Design Measurement (Wiley Computer Publications, 1997).
14. V. R. Basili, G. Caldiera and H. D. Rombach, Goal Question Metric Paradigm, In J. J. Marciniak (ed.), Encyclopedia of Software Engineering 1, New York: John Wiley & Sons, 1994, 528-532.
15. E. Haugh and M. Bishop, Testing C Programs for Buffer Overflow Vulnerabilities, In Proc. of the Network and Distributed System Security Symposium, 2003, 123-130.
16. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole, Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, In Proc. of the DARPA Information Survivability Conference and Exposition, 1999, 119-129.