Regresar

Towards the integration of security practices in the software implementation process of ISO/IEC 29110: A mapping

Abstract:

Secure software practices are gradually gaining relevance among software practitioners and researchers. This is happening because today more than ever software is becoming part of our lives and cybercrimes are constantly appearing. Despite its importance, its current practice in the software industry is still scarce. Indeed, software security problems are divided 50/50 between bugs and flaws. In particular, it remains a significant challenge for software practitioners in small software companies. Therefore, there is a need to support small companies in changing their existing ways of work to integrate these new and unfamiliar practices. The aim of this study is twofold. First, to help building an awareness of the software security process among practitioners in small companies. Second, to help the integration of these practices with software implementation process of ISO/IEC 29110 which results in an extension of the latter with additional activities identified from the industry best practices. Nevertheless, the extension proposal is to be performed selectively, based on the value of the software as an asset to the stakeholders and on stakeholders needs.

Año de publicación:

2017

Keywords:

  • ISO/IEC 29110
  • Small companies
  • S-SDLC
  • CSSLP
  • Software security
  • VSE

Fuente:

scopusscopus

Tipo de documento:

Conference Object

Estado:

Acceso restringido

Áreas de conocimiento:

  • Ingeniería de software
  • Software

Áreas temáticas:

  • Programación informática, programas, datos, seguridad
  • Métodos informáticos especiales
  • Ciencias de la computación

Contribuidores:

Sánchez A.Sánchez A.
de Amescua Seco A.de Amescua Seco A.
Colomo-Palacios R.Colomo-Palacios R.
Mary Luz Sanchez-GordónMary Luz Sanchez-Gordón
Larrucea X.Larrucea X.