Abstract
More and more companies tend to use secure products as COTS to develop their secure systems due to resource limitations. The security concerns add more complexity as well as potential risks to COTS selection process, and it is always a great challenge for developers to make the selection decisions. In this paper, we provide a method for security risk analysis in COTS based development (CBD) based on Common Criteria and our previous work in identifying general risk items for CBD. The research result provides useful insights for developers in identifying security risks, so that it can be used to aid for the COTS selection decision.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Devanbu, P., Stubblebine, S.: Software Engineering for Security: a Roadmap. In: The Future of Software Engineering. Special volume of the proceedings of the 22nd International Conference on Software Engieering – ICSE 2000 (June 2000)
Kontio, J.: A Case Study in Applying a Systematic Method for COTS Selection. In: Proceedings of the 18th international conference on Software engineering, Berlin, Germany (May 1996)
Brownsword, L., Oberndorf, T., Sledge, C.: Developing New Processes for COTS-Based Systems. IEEE Software (July/August 2000)
Lindqvist, U., Jonsson, E.: A Map of Security Risks Associated with Using COTS. In Computer 31(6), 60–66 (1998)
Common Criteria for Evaluation Criteria for IT Security V2.1. ISO/IEC 15408, National Institute of Standards and Technology (1999)
Yang, Y., Boehm, B., Wu, D.: COCOTS Risk Analyzer. In: ICCBSS 2006, Orlando, USA (February 2006) (accepted)
Colbert, E., Wu, D., Chen, Y., Boehm, B.: “Costing Secure Systems”. In: 18th International Forum on COCOMO and Software Cost Modeling, Los Angeles (October 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wu, D., Yang, Y. (2006). Towards an Approach for Security Risk Analysis in COTS Based Development. In: Wang, Q., Pfahl, D., Raffo, D.M., Wernick, P. (eds) Software Process Change. SPW 2006. Lecture Notes in Computer Science, vol 3966. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11754305_14
Download citation
DOI: https://doi.org/10.1007/11754305_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34199-4
Online ISBN: 978-3-540-34201-4
eBook Packages: Computer ScienceComputer Science (R0)