Software Security

  • G. McGraw
  • Published 1 March 2004
  • Computer Science
  • Datenschutz und Datensicherheit - DuD
Software security is the idea of engineering software so that it continues to function correctly under malicious attack. Plenty of progress has been made in the field of software security since its inception in 2001. A number of best practices including the Touchpoints have been identified and put into common use. In addition, the BSIMM project has devised a way to measure and compare large scale software security initiatives.

Software Security

  • J. Sametinger
  • Computer Science
    2013 20th IEEE International Conference and Workshops on Engineering of Computer Based Systems (ECBS)
  • 2013
This chapter considers security terminology, security bugs, security flaws, and mitigation issues in the context of software security.

Knowledge for Software Security

These are the kinds of security knowledge that can provide a solid foundation for software security practices and play a central role in encapsulating and spreading the emerging discipline more efficiently.

Software Security Maturity in Public Organisations

The findings suggest that public organisations in Norway excel at Compliance and Policy activities when developing their own code, but that there is a large potential for improvement with respect to Metrics, Penetration testing, and Training of developers in secure software development.

Software Penetration Testing

Quality assurance and testing organizations are tasked with the broad objective of assuring that a software application fulfills its functional business requirements, but security testing doesn't directly fit into this paradigm.

A Normative Software Security Testing Approach Based on Threat-Modeling

A normative software security testing approach based on threat-modeling is proposed and is found to be more practicable and normative, and to scale well.

Software Security Testing

By identifying risks in the system and creating tests driven by those risks, a software security tester can properly focus on areas of code in which an attack is likely to succeed and provide a higher level of software security assurance than is possible with classical black-box testing.

A Survey on Software Security Testing Techniques

This article presents a brief survey of software security testing techniques, highlighting the importance of testing the correctness and competence of security functions implemented in software, which are most often verified through requirements-based testing.

Adopting a Software Security Improvement Program

By following some commonsense steps, a software security improvement program has a greater chance of achieving its ultimate goal: software security that makes business sense.

Static Analysis for Security

This work looks at how to automate source-code security analysis with static analysis tools and finds a simple and efficient way to do so.

Software Security Specifications and Design: How Software Engineers and Practitioners Are Mixing Things up

This research represents a corrective study that sheds light on what has been achieved in analyzing and designing secure software, what problems are commonly made, and how to handle them.

Testing for security during development: why we should scrap penetrate-and-patch

  • G. McGraw
  • Computer Science
    Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance
  • 1997
A case is made for applying software engineering analysis techniques that have proven successful in the software safety arena to security-critical software code, based on the generally held belief that a large proportion of security violations result from errors introduced during software development.

Inside the Windows Security Push

The Microsoft Windows development team spent two months in 2002 analyzing product design, code, and documentation to fix security issues and developed a new process and several lessons learned for future projects.

Point/Counterpoint: Security Band-Aids: More Cost-Effective than "Secure" Coding / Building Secure Software: Better than Protecting Bad Software

Software is the biggest problem in computer security today. Most organizations invest in security by buying and maintaining a firewall, but they go on to let anybody access multiple Internet-enabled

From the Ground Up: The DIMACS Software Security Workshop

  • G. McGraw
  • Computer Science
    IEEE Secur. Priv.
  • 2003
The DIMACS Software Security Workshop held in New Jersey explored issues such as security engineering, architecture and implementation risks, security analysis, mobile and malicious code, education

Exploiting Software: How to Break Code

This book discusses Reverse Engineering and Program Understanding, Reverse Engineering Tools and Concepts, and Buffer Overflows and Embedded Systems, as well as Specific Techniques and Attacks for Server Software.

A Call to Action: Look Beyond the Horizon

This article is a call to arms to the research community to look toward the future, and think beyond buffer overruns, code levels, and the horizon.

Building Secure Software: What Developers Should Know About Software Security

It’s time to get used to the idea that there is no such thing as a “slow cooker”.

Trustworthy Yet? Information Security Magazine, Feb

  • 2003