Towards evaluation of security assurance during the software development lifecycle

Ilkka Uusitalo, Kaarina Karppinen, Pasi Ahonen, Heimo Pentikäinen

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    1 Citation (Scopus)

    Abstract

    It is difficult to state whether a certain software product is developed securely enough. An evaluation methodology that takes the security assurance methods used during the software development lifecycle into account is one step closer to a solution to this problem. In this paper we discuss our first heuristics for security assurance evaluation that would give guidelines on the trustworthiness of the software development lifecycle. The inputs for evaluations include the context, expert opinions, the outcomes of the methods and reputation. Our evaluation heuristics are a step towards being able to deduce the level of assurance for a software process, compared to a certain context-specific baseline. (14 refs.)
    Original language: English
    Title of host publication: Proceedings
    Subtitle of host publication: International Conference on Availability, Reliability and Security, ARES 2009
    Place of publication: US
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Pages: 817-822
    ISBN (Print): 978-1-4244-3572-2, 978-0-7695-3564-7
    DOI: 10.1109/ARES.2009.124
    Publication status: Published - 2009
    MoE publication type: A4 Article in a conference publication
    Project code: 6739
    Event: International Conference on Availability, Reliability and Security, ARES 2009 - Fukuoka, Japan
    Duration: 16 Mar 2009 to 19 Mar 2009

    Conference

    Conference: International Conference on Availability, Reliability and Security, ARES 2009
    Country: Japan
    City: Fukuoka
    Period: 16/03/09 to 19/03/09

    Fingerprint: Software engineering

    Cite this

    Uusitalo, I., Karppinen, K., Ahonen, P., & Pentikäinen, H. (2009). Towards evaluation of security assurance during the software development lifecycle. In Proceedings: International Conference on Availability, Reliability and Security, ARES 2009 (pp. 817-822). US: IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ARES.2009.124