Proceedings Article, DOI: 10.1109/ISCISC.2014.6994034
A threatened-based software security evaluation method
Mohammad Reza Razian, Hasan Mokhtari Sangchi +1 more
- 22 Dec 2014
- pp 120-125
5
TL;DR: A Threatened-based Software Security Evaluation method is proposed to improve the security evaluation process of software and focuses on existing threatened entities of software which in turn result in software threats and their corresponding controls and countermeasures.
Abstract: Nowadays, security evaluation of software is a substantial matter in the software world. The security level of software will be determined by the wealth of data and operations which it provides for us. The security level is usually evaluated by a third party, named Software Security Certification Issuance Centers. It is important for software security evaluators to perform a sound and complete evaluation, which is a complicated process considering the increasing number of emerging threats. In this paper we propose a Threatened-based Software Security Evaluation method to improve the security evaluation process of software. In this method, we focus on existing threatened entities of software which in turn result in software threats and their corresponding controls and countermeasures. We also demonstrate a Security Evaluation Assistant (SEA) tool to practically show the effectiveness of our evaluation method.
Citations
Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions
TL;DR: In this paper, the authors present a systematic literature review (SLR) of the present approaches used for assessing the security of software components in the literature by practitioners to protect software systems for the Internet of Things (IoT).
Proceedings Article
Method and Technology for Ensuring the Software Security by Identifying and Classifying the Failures and Vulnerabilities
TL;DR: In this paper, a method for ensuring the software security by identifying and classifying the failures and vulnerabilities provides a conclusion as to whether a failure occurred, and if a failure occurred, its type is issued to the user.
1
Research on Penetration Testing Method of Power Information System Based on Knowledge Graph
Liu Sheng, Xinyue Shi, Song Yilei, Zhang Lei, Yingying Wang, Yuan Ze, Dandan Li, Liu Xiue +7 more
- 08 Dec 2023
TL;DR: A penetration testing method based on knowledge graph that uses knowledge graph to represent and infer network topology, asset information and vulnerability information to guide the automated execution of penetration testing for power information systems is proposed.
1
Lightweight Terminal Security Evaluation Based on Operation Habits and Terminal Abilities
TL;DR: The evaluation process of terminal security was demonstrated to prove that the proposed method is a comprehensive, real-time and multi-time security evaluation method for the security threat of operation of terminal.
Research on Intelligent Vulnerability Identification Method for Power Information System
Liu Sheng, Yuan Ze, Lin Yang, Yongxin Fan, Dandan Li, Xinyue Shi, Song Yilei, Zhanquan Yun +7 more
- 08 Dec 2023
TL;DR: Experiments show this intelligent vulnerability identification method for power information system greatly improves efficiency over manual penetration by promptly discovering vulnerabilities, boosting security of power information system.
References
•Book
Joe Celko's Trees and Hierarchies in SQL for Smarties
Joe Celko
- 21 May 2004
TL;DR: The second edition of "Tree and Hierarchies in SQL for Smarties" as discussed by the authors covers two new sets of extensions over three entirely new chapters and expounds upon the changes in SQL standards since the previous edition's publication.
59
National Checklist Program for IT Products--Guidelines for Checklist Users and Developers
Stephen D. Quinn, Murugiah Souppaya, Melanie Cook, Karen A. Scarfone +3 more
- 30 Sep 2009
TL;DR: Special Publication 800-70 Revision 2, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers, describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program (NCP) to find and retrieve checklists.
SP 800-70 Rev. 2. National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
Stephen D. Quinn, Murugiah Souppaya, Melanie Cook, Karen A. Scarfone +3 more
- 01 Feb 2011
TL;DR: The NIST National Checklist Program for IT Products Guidelines for Checklist Users and Developers (SP 800-70 Revision 2) as mentioned in this paper describes security configuration checklists and their benefits, and explains how to use the NIST NCP to find and retrieve checklists.
24
•Book
Software Security: Building Security In
Gary McGraw
- 01 Jan 2006
TL;DR: This book presents a detailed approach to getting past theory and putting software security into practice, and describes a manageably small set of touchpoints based around the software artifacts that you already produce that can be adopted without radically changing the way you work.