Security: Determining Factor for Software Quality

  • Francisco José Barreto Nunes UNIFOR
  • Arnaldo Dias Belchior UNIFOR

Abstract

The increasing occurrence of security failures in software products points to the low quality of the software being developed. However, information security has a broader scope that can combine different quality aspects. One solution to this trend of failures is to include activities usually applied in information security in the software development process. Therefore, this work proposes a process for dealing with software security quality: the Software Development Secure Process.

Keywords: Security Quality, Software Quality, Safe Software Development Process

Published: 2007-06-01

NUNES, Francisco José Barreto; BELCHIOR, Arnaldo Dias. Security: Determining Factor for Software Quality. In: BRAZILIAN SOFTWARE QUALITY SYMPOSIUM (SBQS), 6., 2007, Porto de Galinhas. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2007. p. 265-277. DOI: https://doi.org/10.5753/sbqs.2007.15581.