Towards evaluation of security assurance during the software development lifecycle

Ilkka Uusitalo, Kaarina Karppinen, Pasi Ahonen, Heimo Pentikäinen

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    1 Citation (Scopus)

    Abstract

    It is difficult to state whether a certain software product is developed securely enough. An evaluation methodology that takes the security assurance methods used during the software development lifecycle into account is one step closer to a solution to this problem. In this paper we discuss our first heuristics for security assurance evaluation that would give guidelines on the trustworthiness of the software development lifecycle. The inputs for evaluations include the context, expert opinions, outcome of the methods and reputation. Our evaluation heuristics are a step towards being able to deduce the level of assurance for a software process, compared to a certain context-specific baseline. (14 refs.)
    Original language: English
    Title of host publication: Proceedings
    Subtitle of host publication: International Conference on Availability, Reliability and Security, ARES 2009
    Place of Publication: US
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Pages: 817-822
    ISBN (Print): 978-1-4244-3572-2, 978-0-7695-3564-7
    Publication status: Published - 2009
    MoE publication type: A4 Article in a conference publication
    Event: International Conference on Availability, Reliability and Security, ARES 2009 - Fukuoka, Japan
    Duration: 16 Mar 2009 to 19 Mar 2009

    Conference

    Conference: International Conference on Availability, Reliability and Security, ARES 2009
    Country/Territory: Japan
    City: Fukuoka
    Period: 16/03/09 to 19/03/09
