Improving Attention to Security in Software Design with Analytics and Cognitive Techniques

Title: Improving Attention to Security in Software Design with Analytics and Cognitive Techniques
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Whitmore, J., Tobin, W.
Conference Name: 2017 IEEE Cybersecurity Development (SecDev)
Keywords: automated tools, build security in, building security in, Buildings, chasm, cognitive techniques, composability, developer productivity, diverse development organization, encoding, Organizations, pubcrawl, Scalability, SDLC, Secure Design, secure development, secure engineering, secure software, security, security design, security engineering, security knowledge, security of data, social aspects of automation, Software, software assurance, software design, software development life cycle, software engineering, software security, Testing, Threat, Tools, Vulnerability
Abstract

There is a widening chasm between the ease of creating software and the difficulty of "building security in". This paper reviews the approach, the findings and recent experiments from a seven-year effort to enable consistency across a large, diverse development organization and software portfolio via policies, guidance, automated tools and services. Experience shows that developing secure software is an elusive goal for most. It requires every team to know and apply a wide range of security knowledge in the context of what software is being built, how the software will be used, and the projected threats in the environment where the software will operate. The drive for better outcomes for secure development and increased developer productivity led to experiments to augment developer knowledge and eventually realize the goal of "building the right security in".

URL: http://ieeexplore.ieee.org/document/8077801/
DOI: 10.1109/SecDev.2017.16
Citation Key: whitmore_improving_2017