short-paper

Software security for small development teams: a case study

Authors:

Michael Kainerstorfer,

Johannes Sametinger,

Andreas WiesauerAuthors Info & Claims

iiWAS '11: Proceedings of the 13th International Conference on Information Integration and Web-based Applications and Services

Pages 305 - 310

https://doi.org/10.1145/2095536.2095590

Published: 05 December 2011 Publication History

Abstract

Microsoft is developing wide-spread software solutions like the Windows operating system and the Office suite. In order to improve security of their products, they have introduced the Microsoft Security Development Lifecycle (MS-SDL). Ample documentation about the MS-SDL is available, thus, allowing other companies to adopt the lifecycle as well. We were wondering whether an adoption of the lifecycle is possible and useful for real small development teams, e.g., for a single developing person. In order to find out, we have done a practical test, i.e., we have used the MS-SDL for the development of a small, but real-world software project. The findings will be presented in this paper.

References

[1]

Sommerville I. 2007. Software Engineering, 8^th edition, Addison-Wesley.

Digital Library

[2]

Kent Beck, Cynthia Andres. Extreme Programming Explained: Embrace Change. Addison-Wesley Professional; 2 Edition, 2004.

Digital Library

[3]

Alistair Cockburn. Crystal Clear: A Human-Powered Methodology for Small Teams (Agile Software Development), Addison-Wesley Longman, Amsterdam, 2004.

Digital Library

[4]

Mike Cohn. Succeeding with Agile: Software Development Using Scrum, Addison-Wesley Signature, Addison-Wesley Longman, Amsterdam, 2009.

Digital Library

[5]

Boehm B. and Turner R. 2004. Balancing Agility and Discipline, Addison-Wesley.

Digital Library

[6]

Swiderski F. and Snyder W., 2004. Threat Modeling, Microsoft Press.

Digital Library

[7]

Microsoft 2011. The Microsoft SDL, www.microsoft.com/security/sdl

[8]

OWASP. 2007. OWASP CLASP v1.2. Comprehensive, Lightweight Application Security Process.

[9]

McGraw G. 2009. Software Security: Building Security In, 5^th edition, Addison-Wesley.

[10]

Microsoft 2010. Security Development LifeCycle V. 5.0, Microsoft Press.

[11]

Howard M. Lipner S. 2006. The Security Development Life-cycle, Microsoft Press.

Digital Library

[12]

Curphey M., Scambray J., Olson E. 2003. Improving Web Application Security: Threats and Countermeasures, Microsoft Press.

[13]

Howard M., LeBlanc D. 2003. Writing Secure Code, Microsoft Press.

Digital Library

[14]

Microsoft. Improving Web Application Security: Threats and Countermeasures, http://msdn.microsoft.com/enus/library/ff649874.aspx

[15]

Hernan, S., Lambert, S., Ostwald, T., and Shostack, A. 2006. Uncover Security Design Flaws Using The STRIDE Approach. MSDN Magazine, Nov. 2006, http://msdn.microsoft.com/en-us/magazine/cc163519.aspx

Cited By

Saeed HShafi IAhmad JKhan AKhurshaid TAshraf I(2025)Review of Techniques for Integrating Security in Software Development LifecycleComputers, Materials & Continua10.32604/cmc.2024.05758782:1(139-172)Online publication date: 2025
https://doi.org/10.32604/cmc.2024.057587
Marjanovic JDalcekovic NSladic G(2023)Blockchain-based model for tracking compliance with security requirementsComputer Science and Information Systems10.2298/CSIS210923060M20:1(359-380)Online publication date: 2023
https://doi.org/10.2298/CSIS210923060M
Niazi MSaeed AAlshayeb MMahmood SZafar S(2020)A Maturity Model for Secure Requirements EngineeringComputers & Security10.1016/j.cose.2020.101852(101852)Online publication date: May-2020
https://doi.org/10.1016/j.cose.2020.101852
Show More Cited By

Index Terms

Software security for small development teams: a case study
1. Software and its engineering

Recommendations

Building More Secure Software with Improved Development Processes

In this installment, I draw on experiences gained as a member of Microsoft's central security team to outline some basic best practices you can implement in your software development process. These practices affected Microsoft products released since ...
Synthesis of secure software development controls
SIN '15: Proceedings of the 8th International Conference on Security of Information and Networks

A study of the available approaches aimed at mitigating vulnerabilities in the software development, and their applicability during the software compliance evaluation was carried out. Having systematized the standards and guidelines on the development ...
Software Security in Practice

Until now, this department has focused on the kinds of activities that constitute a secure development life cycle. Now, it's broadening its scope to consider the ongoing organizational commitments necessary to facilitate secure software development. To ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

iiWAS '11: Proceedings of the 13th International Conference on Information Integration and Web-based Applications and Services

December 2011

572 pages

ISBN:9781450307840

DOI:10.1145/2095536

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 December 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

MoMM '11

MoMM '11: The 9th International Conference on Advances in Mobile Computing & Multimedia

December 5 - 7, 2011

Ho Chi Minh City, Vietnam

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
490
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Saeed HShafi IAhmad JKhan AKhurshaid TAshraf I(2025)Review of Techniques for Integrating Security in Software Development LifecycleComputers, Materials & Continua10.32604/cmc.2024.05758782:1(139-172)Online publication date: 2025
https://doi.org/10.32604/cmc.2024.057587
Marjanovic JDalcekovic NSladic G(2023)Blockchain-based model for tracking compliance with security requirementsComputer Science and Information Systems10.2298/CSIS210923060M20:1(359-380)Online publication date: 2023
https://doi.org/10.2298/CSIS210923060M
Niazi MSaeed AAlshayeb MMahmood SZafar S(2020)A Maturity Model for Secure Requirements EngineeringComputers & Security10.1016/j.cose.2020.101852(101852)Online publication date: May-2020
https://doi.org/10.1016/j.cose.2020.101852
Kayem ARatshidaho RMaoyi MMacanda S(2014)Experiences with Threat Modeling on a Prototype Social NetworkInformation Security in Diverse Computing Environments10.4018/978-1-4666-6158-5.ch014(261-279)Online publication date: 2014
https://doi.org/10.4018/978-1-4666-6158-5.ch014

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten