I am looking for some research papers or white papers that investigate how the enforcement of best practices contributes to secure software development.
Because of the importance of security, if a system has high security, the raw and processed information and data will be preserved in it. On the other hand, the system is protected from worms and hackers.
For developers and app designers, internet service companies and so on, security is important for computer systems in all fields of computer science.
Worldwide, all people need security for their systems.
Elika Daghighi: Thanks for your answer. I totally understand the importance of security, and as I have a security background, their importance is obvious to me. I know that best practices are by definition believed to be secure, and I am looking for some papers that formally verify and prove security.
Hermann Gruenwald: I totally agree, but I am looking for some papers that prove this by using formal or other verification methods. For example, in the case of OAuth there is the following article that proved the role of BCPs in securing the system by using formal analysis: "The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines"
I see as one cornerstone the enforcement of "secure by design (SBD)" principles. A combination with "privacy by design" or secure code review in your software development cycle can help you to establish your best practice.
Thanks for bringing up this fundamental point. The secure by design principle is one of the most important concepts that is mostly missing in the SDLC. However, I found some interesting research papers that I would like to share:
Building High Assurance Secure Applications using Security Patterns for Capability-Based Platforms
Applicability of Security Patterns
The creation of ‘best practice’ software: Myth, reality and ethics
Patch your software and systems. Many attackers exploit known vulnerabilities associated with old or out-of-date software. To thwart common attacks, ensure that all your systems have up-to-date patches. Regular patching is one of the most effective software security practices. https://www.synopsys.com/blogs/software-security/top-10-software-security-best-practices/amp/
Computer security is important because it keeps your information protected. It's also important for your computer's overall health; proper computer security helps prevent viruses and malware, which allows programs to run quicker and smoother. https://blog.onsharp.com/the-importance-of-computer-security
With the growth of software flaws there is a rise in the demand for security embedding to achieve the goal of secure software development in a more efficient manner. Different practices are in use to keep the software intact. These practices are also meant to be scrutinized for better results on the basis of the level of security, efficiency and complexity they are providing. They may also be weighted on the basis of Confidentiality, Integrity and Availability (CIA). Software security is a step-by-step procedure which cannot be achieved just at a specific level but should be taken into account from the beginning of the Software Development Life Cycle (SDLC). https://www.researchgate.net/publication/237403607_Best_practices_for_software_security_An_overview
Thank you for suggesting reading on security patterns and their role in the software development cycle. It reminds me of another related aspect, which I have seen in several security assessments: the combination of secure components in a system does not necessarily lead to a secure system. I would always insist on a security assessment of the final production system! If your system is a secure software system then you need to validate on the production system to what extent all the development measures taken really lead to the objective of having a secure final system.
Thanks again for the insights that you brought. Actually, what you mentioned was the first reason that brought to my mind the question with regard to the best practices. Best practices are by definition believed to be secure, but I didn't see a lot of research papers on proving the security by integrating the best practices. In my specific field (Identity management) I saw papers that formally proved that the application of best practices, but I noticed few papers in general software engineering. The second point that I want to highlight is that I agree with you that it is important to validate the production system, but I expect fewer security problems when you put aside secure components.