{"title":"从安全角度维护软件","authors":"Kanta Jiwnani, M. Zelkowitz","doi":"10.1109/ICSM.2002.1167766","DOIUrl":null,"url":null,"abstract":"Testing for software security is a lengthy, complex and costly process. Currently, security testing is done using penetration analysis and formal verification of security kernels. These methods are not complete and are difficult to use. Hence it is essential to focus testing effort in areas that have a greater number of security vulnerabilities to develop secure software as well as meet budget and time constraints. We propose a testing strategy based on a classification of vulnerabilities to develop secure and stable systems. This taxonomy will enable a system testing and maintenance group to understand the distribution of security vulnerabilities and prioritize their testing effort according to the impact the vulnerabilities have on the system. This is based on Landwehr's (1994) classification scheme for security flaws and we evaluated it using a database of 1360 operating system vulnerabilities. This analysis indicates vulnerabilities tend to be focused in relatively few areas and associated with a small number of software engineering issues.","PeriodicalId":385190,"journal":{"name":"International Conference on Software Maintenance, 2002. Proceedings.","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"42","resultStr":"{\"title\":\"Maintaining software with a security perspective\",\"authors\":\"Kanta Jiwnani, M. Zelkowitz\",\"doi\":\"10.1109/ICSM.2002.1167766\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Testing for software security is a lengthy, complex and costly process. Currently, security testing is done using penetration analysis and formal verification of security kernels. These methods are not complete and are difficult to use. Hence it is essential to focus testing effort in areas that have a greater number of security vulnerabilities to develop secure software as well as meet budget and time constraints. We propose a testing strategy based on a classification of vulnerabilities to develop secure and stable systems. This taxonomy will enable a system testing and maintenance group to understand the distribution of security vulnerabilities and prioritize their testing effort according to the impact the vulnerabilities have on the system. This is based on Landwehr's (1994) classification scheme for security flaws and we evaluated it using a database of 1360 operating system vulnerabilities. This analysis indicates vulnerabilities tend to be focused in relatively few areas and associated with a small number of software engineering issues.\",\"PeriodicalId\":385190,\"journal\":{\"name\":\"International Conference on Software Maintenance, 2002. Proceedings.\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2002-10-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"42\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Conference on Software Maintenance, 2002. Proceedings.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSM.2002.1167766\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Software Maintenance, 2002. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSM.2002.1167766","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Testing for software security is a lengthy, complex and costly process. Currently, security testing is done using penetration analysis and formal verification of security kernels. These methods are not complete and are difficult to use. Hence it is essential to focus testing effort in areas that have a greater number of security vulnerabilities to develop secure software as well as meet budget and time constraints. We propose a testing strategy based on a classification of vulnerabilities to develop secure and stable systems. This taxonomy will enable a system testing and maintenance group to understand the distribution of security vulnerabilities and prioritize their testing effort according to the impact the vulnerabilities have on the system. This is based on Landwehr's (1994) classification scheme for security flaws and we evaluated it using a database of 1360 operating system vulnerabilities. This analysis indicates vulnerabilities tend to be focused in relatively few areas and associated with a small number of software engineering issues.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
