Abstract
The following document presents and analyzes risk analysis across the whole software development life cycle, framed as one of the recommended practices for secure software development. It presents and compares a set of risk analysis methodologies and strategies, taking as criteria some classifications proposed by different authors and the objectives those methodologies pursue, in order to orient them toward evaluation criteria for secure software development.
© 2006 International Federation for Information Processing
Cite this paper
Verdún, J.C., Hurtado, G.G., Caro, E.T., Zepeda, V.V. (2006). The risks analysis like a practice of secure software development. A revision of models and methodologies. In: Gaïti, D. (eds) Network Control and Engineering for Qos, Security and Mobility, V. NetCon 2006. IFIP International Federation for Information Processing, vol 213. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-34827-8_3
DOI: https://doi.org/10.1007/978-0-387-34827-8_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-34825-4
Online ISBN: 978-0-387-34827-8
eBook Packages: Computer Science (R0)