Escuela de Ingeniería Informática

Facultad de Ingeniería

Degree program accredited for 5 years, until January 2026

Generating Software Security Knowledge Through Empirical Methods

  • Noël, René
  • Matalonga, S.
  • Pedraza, G.
  • Astudillo, H.
  • Fernandez, E.
Abstract:
This chapter exemplifies the use of experimental techniques, borrowed from software engineering, to create validated knowledge in the Security field. Systematic approaches for secure software development, specifically those implying some sort of process aligned with the software development life cycle (SDLC), are called security methodologies. There are a number of security methodologies in the literature, of which the most flexible and most satisfactory from an industry adoption viewpoint are methodologies that encapsulate their security solutions in some fashion, such as via the use of security patterns, security tactics, or security vulnerabilities. Security tactics are proven reusable architectural building blocks that encapsulate design decision knowledge to support the achievement of the security attributes. Security patterns are encapsulated solutions to recurrent security design problems that cover all software life cycle stages, including handling threats and fixing vulnerabilities in software systems. Both tactics and patterns describe design decisions to mitigate specific security threats, and both are organized in catalogs.
Year:
2017
Type of Publication:
In Book