Towards evaluation of security assurance during the software development lifecycle

Ilkka Uusitalo, Kaarina Karppinen, Pasi Ahonen, Heimo Pentikäinen

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

1 Citation (Scopus)

Abstract

It is difficult to state whether a certain software product is developed securely enough. An evaluation methodology that takes the security assurance methods used during the software development lifecycle into account is one step closer to a solution to this problem. In this paper we discuss our first heuristics for security assurance evaluation that would give guidelines on the trustworthiness of the software development lifecycle. The inputs for evaluations include the context, expert opinions, outcome of the methods and reputation. Our evaluation heuristics are a step towards being able to deduce the level of assurance for a software process, compared to a certain context-specific baseline. (14 refs.)
Original language: English
Title of host publication: Proceedings
Subtitle of host publication: International Conference on Availability, Reliability and Security, ARES 2009
Place of Publication: US
Publisher: IEEE Institute of Electrical and Electronic Engineers
Pages: 817-822
ISBN (Print): 978-1-4244-3572-2, 978-0-7695-3564-7
DOIs: https://doi.org/10.1109/ARES.2009.124
Publication status: Published - 2009
MoE publication type: A4 Article in a conference publication
Event: International Conference on Availability, Reliability and Security, ARES 2009 - Fukuoka, Japan
Duration: 16 Mar 2009 → 19 Mar 2009

Conference

Conference: International Conference on Availability, Reliability and Security, ARES 2009
Country: Japan
City: Fukuoka
Period: 16/03/09 → 19/03/09

Fingerprint

Software engineering

Cite this

Uusitalo, I., Karppinen, K., Ahonen, P., & Pentikäinen, H. (2009). Towards evaluation of security assurance during the software development lifecycle. In Proceedings: International Conference on Availability, Reliability and Security, ARES 2009 (pp. 817-822). US: IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ARES.2009.124
@inproceedings{e623f9171c494f6d92f90425871b9e7a,
title = "Towards evaluation of security assurance during the software development lifecycle",
abstract = "It is difficult to state whether a certain software product is developed securely enough. An evaluation methodology that takes the security assurance methods used during the software development lifecycle into account is one step closer to a solution to this problem. In this paper we discuss our first heuristics for security assurance evaluation that would give guidelines on the trustworthiness of the software development lifecycle. The input for evaluations include the context, expert opinions, outcome of the methods and reputation. Our evaluation heuristics are a step towards being able to deduce about the level of assurance for a software process, compared to a certain context-specific baseline. (14 refs.)",
author = "Ilkka Uusitalo and Kaarina Karppinen and Pasi Ahonen and Heimo Pentik{\"a}inen",
note = "Project code: 6739",
year = "2009",
doi = "10.1109/ARES.2009.124",
language = "English",
isbn = "978-1-4244-3572-2",
pages = "817--822",
booktitle = "Proceedings",
publisher = "IEEE Institute of Electrical and Electronic Engineers",
address = "United States",

}
