Towards the Integration of Security Practices in the Software Implementation Process of ISO/IEC 29110: A Mapping
Author: | Mary-Luz Sánchez-Gordón, Alex Sánchez, Ricardo Colomo-Palacios, Xabier Larrucea, Antonio de Amescua Seco |
---|---|
Year of publication: | 2017 |
Subject: | Process management; business.industry; Computer science; Standard of Good Practice; 020207 software engineering; 02 engineering and technology; Asset (computer security); Information Technology Infrastructure Library; Software; ITIL security management; Software security assurance; 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; Software engineering; business; Software architecture; Information security management system |
Source: | Communications in Computer and Information Science; ISBN: 9783319642178; EuroSPI |
DOI: | 10.1007/978-3-319-64218-5_1 |
Description: | Secure software practices are gradually gaining relevance among software practitioners and researchers. This is happening because today more than ever software is becoming part of our lives and cybercrimes are constantly appearing. Despite its importance, its current practice in the software industry is still scarce. Indeed, software security problems are divided 50/50 between bugs and flaws. In particular, it remains a significant challenge for software practitioners in small software companies. Therefore, there is a need to support small companies in changing their existing ways of work to integrate these new and unfamiliar practices. The aim of this study is twofold. First, to help build awareness of the software security process among practitioners in small companies. Second, to help integrate these practices with the software implementation process of ISO/IEC 29110, which results in an extension of the latter with additional activities identified from industry best practices. Nevertheless, the extension proposal is to be performed selectively, based on the value of the software as an asset to the stakeholders and on stakeholders' needs. |
Database: | OpenAIRE |