首页> 外文会议>Engineering secure software and systems >Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities

【24h】

Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities

机译：开发之前的思想谨慎：使用网络安全领域知识来教育软件工程师防范软件漏洞

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

The transfer of cybersecurity domain knowledge from security experts ('Ethical Hackers') to software engineers is discussed in terms of desirability and feasibility. Possible mechanisms for the transfer are critically examined. Software engineering methodologies do not make use of security domain knowledge in its form of vulnerability databases (e.g. CWE, CVE, Exploit DB), which are therefore not appropriate for this purpose. An approach based upon the improved use of pattern languages that encompasses security domain knowledge is proposed.

机译：讨论了将网络安全领域知识从安全专家（“道德黑客”）转移到软件工程师的意愿和可行性。严格审查了可能的转移机制。软件工程方法论没有以漏洞数据库的形式（例如CWE，CVE，漏洞数据库）使用安全域知识，因此不适合此目的。提出了一种基于包括安全域知识在内的模式语言的改进使用的方法。

著录项

来源
《Engineering secure software and systems》|2017年|133-142|共10页
会议地点 Bonn(DE)
作者
Tayyaba Nafees; Natalie Coull; Robert Ian Ferguson; Adam Sampson;
展开▼
作者单位

School of Arts, Media and Computer Games, University of Abertay Dundee, Dundee DD1 1HG, UK;

School of Arts, Media and Computer Games, University of Abertay Dundee, Dundee DD1 1HG, UK;

School of Arts, Media and Computer Games, University of Abertay Dundee, Dundee DD1 1HG, UK;

School of Arts, Media and Computer Games, University of Abertay Dundee, Dundee DD1 1HG, UK;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词
Software Development Lifecycle (SDLC); Security Pattern (SP); Software Fault Pattern (SFP); Attack Pattern (AP); Vulnerability DataBase (VDB);

机译：软件开发生命周期（SDLC）；安全模式（SP）；软件故障模式（SFP）；攻击模式（AP）；漏洞数据库（VDB）;
入库时间 2022-08-26 14:05:32

相似文献

外文文献
中文文献
专利

1. Could removal of project-level knowledge flow obstacles contribute to software process improvement? A study of software engineer perceptions [J] . Mitchell Susan M., Seamans Carolyn B. Information and software technology . 2016,第apra期

机译：消除项目级知识流障碍是否有助于软件过程的改进？研究软件工程师的观念
2. Cybersecurity: a predictive analytical model for software vulnerability discovery process [J] . Nawa Raj Pokhrel, Netra Khanal, Chris P. Tsokos, Journal of Cyber Security Technology . 2021,第1期

机译：网络安全：软件漏洞发现过程的预测分析模型
3. Educating Software Engineers: An Industry Viewpoint [J] . Donald J. Reifer Software Engineering Notes . 2005,第3期

机译：教育软件工程师：行业观点
4. Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities [C] . Tayyaba Nafees, Natalie Coull, Robert Ian Ferguson, International Symposium on Engineering Secure Software and Systems . 2017

机译：思考在开发前：使用网络安全域知识来教育软件工程师免受软件漏洞
5. Software Process Improvement through the Removal of Project-level Knowledge Flow Obstacles: The Perceptions of Software Engineers [D] . Mitchell, Susan Marie. 2012

机译：通过消除项目级别的知识流障碍来改善软件过程：软件工程师的看法
6. A software program designed to educate patients on age-related skin changes of facial and exposed extrafacial regions: the results of a validation study [O] . Greg J Goodman, Michael B Halstead, John D Rogers, 2012

机译：设计用于教育患者面部和裸露面部区域与年龄相关的皮肤变化的软件程序：一项验证研究的结果
7. Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities [O] . Tayyaba Nafees, Natalie Coull, Robert Ian Ferguson, 2017

机译：思考在开发前：使用网络安全域知识来教育软件工程师免受软件漏洞
8. Software Security Knowledge: CWE. Knowing What Could Make Software Vulnerable to Attack [R] . Martin, R. A., Barnum, S. 2011

机译：软件安全知识：CWE。了解什么可能使软件易受攻击

Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities

摘要

著录项

相似文献

相关主题

期刊订阅