Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities

机译：思考在开发前：使用网络安全域知识来教育软件工程师免受软件漏洞

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

The transfer of cybersecurity domain knowledge from security experts ('Ethical Hackers') to software engineers is discussed in terms of desirability and feasibility. Possible mechanisms for the transfer are critically examined. Software engineering methodologies do not make use of security domain knowledge in its form of vulnerability databases (e.g. CWE, CVE, Exploit DB), which are therefore not appropriate for this purpose. An approach based upon the improved use of pattern languages that encompasses security domain knowledge is proposed.

机译：从安全专家（“道德黑客”）到软件工程师的网络安全域知识的转移是在可取性和可行性方面讨论的。转移的可能机制是批判性检查的。软件工程方法没有以其漏洞数据库的形式使用安全域知识（例如，CWE，CWE，CVE，EXPLOIT DB），因此不适合此目的。提出了一种基于改进的模式语言的方法，包括包括安全域知识的模式。

著录项

来源
《International Symposium on Engineering Secure Software and Systems》|2017年|239p|共10页
会议地点
作者
Tayyaba Nafees; Natalie Coull; Robert Ian Ferguson; Adam Sampson;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP311.5-53;
关键词
Software Development Lifecycle (SDLC); Security Pattern (SP); Software Fault Pattern (SFP); Attack Pattern (AP); Vulnerability DataBase (VDB);

机译：软件开发生命周期（SDLC）;安全模式（SP）;软件故障模式（SFP）;攻击模式（AP）;漏洞数据库（VDB）;
入库时间 2022-08-20 23:19:11

相似文献

外文文献
中文文献
专利

1. Could removal of project-level knowledge flow obstacles contribute to software process improvement? A study of software engineer perceptions [J] . Mitchell Susan M., Seamans Carolyn B. Information and software technology . 2016,第apra期

机译：消除项目级知识流障碍是否有助于软件过程的改进？研究软件工程师的观念
2. Cybersecurity: a predictive analytical model for software vulnerability discovery process [J] . Nawa Raj Pokhrel, Netra Khanal, Chris P. Tsokos, Journal of Cyber Security Technology . 2021,第1期

机译：网络安全：软件漏洞发现过程的预测分析模型
3. Educating Software Engineers: An Industry Viewpoint [J] . Donald J. Reifer Software Engineering Notes . 2005,第3期

机译：教育软件工程师：行业观点
4. Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities [C] . Tayyaba Nafees, Natalie Coull, Robert Ian Ferguson, Engineering secure software and systems . 2017

机译：开发之前的思想谨慎：使用网络安全领域知识来教育软件工程师防范软件漏洞
5. Software Process Improvement through the Removal of Project-level Knowledge Flow Obstacles: The Perceptions of Software Engineers [D] . Mitchell, Susan Marie. 2012

机译：通过消除项目级别的知识流障碍来改善软件过程：软件工程师的看法
6. A software program designed to educate patients on age-related skin changes of facial and exposed extrafacial regions: the results of a validation study [O] . Greg J Goodman, Michael B Halstead, John D Rogers, 2012

机译：设计用于教育患者面部和裸露面部区域与年龄相关的皮肤变化的软件程序：一项验证研究的结果
7. Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities [O] . Tayyaba Nafees, Natalie Coull, Robert Ian Ferguson, 2017

机译：思考在开发前：使用网络安全域知识来教育软件工程师免受软件漏洞
8. Software Security Knowledge: CWE. Knowing What Could Make Software Vulnerable to Attack [R] . Martin, R. A., Barnum, S. 2011

机译：软件安全知识：CWE。了解什么可能使软件易受攻击

Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities

摘要

著录项

相似文献

相关主题

期刊订阅