Biblio
Filters: Keyword is software security engineering [Clear All Filters]
.
2021. Towards Visual Analytics Dashboards for Provenance-driven Static Application Security Testing. 2021 IEEE Symposium on Visualization for Cyber Security (VizSec). :42–46.
The use of static code analysis tools for security audits can be time consuming, as the many existing tools focus on different aspects and therefore development teams often use several of these tools to keep code quality high and prevent security issues. Displaying the results of multiple tools, such as code smells and security warnings, in a unified interface can help developers get a better overview and prioritize upcoming work. We present visualizations and a dashboard that interactively display results from static code analysis for “interesting” commits during development. With this, we aim to provide an effective visual analytics tool for code security analysis results.
.
2016. Security Engineering Risk Analysis (SERA). Proceedings of the 3rd International Workshop on Software Engineering Research and Industrial Practice. :23–24.
In this presentation, I describe how the SEI's Security Engineering Risk Analysis (SERA) method provides a structure that connects desired system functionality with the underlying software to evaluate the sufficiency of requirements for software security and the potential operational security risks based on mission impact.