Prioritizing countermeasures through the countermeasure method for software security (CM-Sec)

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6156 LNCS, Issue , 2010, Pages 176-190

  Baca, Dejan ^a,b   Petersen, Kai ^a,b  

^a BLEKINGE INSTITUTE OF TECHNOLOGY   (Sweden)

^b ERICSSON RESEARCH   (Sweden)

Author keywords

[No Author keywords available]

Indexed keywords

ATTACK TREE; COST-EFFICIENCY; END-PRODUCTS; NOVEL METHODS; OPEN-SOURCE; PRIORITIZATION; QUALITY ASPECTS; SOFTWARE SECURITY; SOFTWARE SYSTEMS; THREATS AND ATTACKS;

COMPUTER SOFTWARE;

EID: 77955439747     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-13792-1_15     Document Type: Conference Paper

References (16)

1. Frühwirth, C.: On business-driven it security management and mismatches between security requirements in firms, industry standards and research work. In: Proceedings of the 10th International Conference on Product-Focused Software Process Improvement (PROFES 2009), pp. 375-385 (2009)
2. McGraw, G.: Software security: building security in. Addison-Wesley, Upper Saddle River (2006)
3. Baca, D., Carlsson, B., Lundberg, L.: Evaluating the cost reduction of static code analysis for software security. In: Proceedings of the International Workshop on Programming Languages and Analysis for Security (PLAS 2008), pp. 79-88 (2008)
4. Baca, D., Petersen, K., Carlsson, B., Lundberg, L.: Static code analysis to detect software security vulnerabilities - does experience matter? In: Proceedings of the The 4th International Conference on Availability, Reliability and Security (ARES 2009), pp. 804-810 (2009)
5. Howard, M., LeBlanc, D.: Writing Secure Code. Microsoft Press, Redmond, Washington (2003)
6. Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235-248. Springer, Heidelberg (2006)
7. Moore, A.P., Ellison, R.J., Linger, R.C.: Attack modeling for information security and survivability. Technical Report Technical Report CMU/SEI-2001-TN-001, Software Engineering Institute (2001)
8. Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186-198. Springer, Heidelberg (2006)
9. Damm, L.O., Lundberg, L., Wohlin, C.: Faults-slip-through - a concept for measuring the efficiency of the test process. Software Process: Improvement and Practice 11(1), 47-59 (2006)
10. Peltier, T.R.: Information security risk analysis. Auerbach, Boca Raton (2001)
11. Schneier, B.: Attack trees. Dr. Dobb's Journal 24(12), 21-29 (1999)
12. Viega, J., McGraw, G.: Building secure software: how to avoid security problems the right way. Addison-Wesley, Reading (2002)
13. Saini, V., Duan, Q., Paruchuri, V.: Threat modeling using attack trees. J. Comput. Small Coll. 23(4), 124-131 (2008)
14. Hederstierna, A.: Decisions Under Uncertainty - The Usefulness of an Indi.erence Method for Analysis of Dominance. EFI The Economic Research Institute, Stockholm School of Economics (1981)
15. Kontio, J.: Risk management in software development: A technology overview and the riskit method. In: Proceedings of the IEEE International Conference on Software Engineering (ICSE 1999), pp. 679-680 (1999)
16. Berander, P., Svahnberg, M.: Evaluating two ways of calculating priorities in requirements hierarchies - an experiment on hierarchical cumulative voting. Journal of Systems and Software 82(5), 836-850 (2009)