CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Article:A Strategic Approach for Risk Analysis of Production Software Systems

by Sumithra A, Ramaraj E, Sree Ram Kumar T
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 10 - Number 2
Year of Publication: 2010
Authors: Sumithra A, Ramaraj E, Sree Ram Kumar T
10.5120/1453-1964

Sumithra A, Ramaraj E, Sree Ram Kumar T . Article:A Strategic Approach for Risk Analysis of Production Software Systems. International Journal of Computer Applications. 10, 2 ( November 2010), 23-30. DOI=10.5120/1453-1964

@article{ 10.5120/1453-1964,
author = { Sumithra A, Ramaraj E, Sree Ram Kumar T },
title = { Article:A Strategic Approach for Risk Analysis of Production Software Systems },
journal = { International Journal of Computer Applications },
issue_date = { November 2010 },
volume = { 10 },
number = { 2 },
month = { November },
year = { 2010 },
issn = { 0975-8887 },
pages = { 23-30 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume10/number2/1453-1964/ },
doi = { 10.5120/1453-1964 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T19:58:45.109984+05:30
%A Sumithra A
%A Ramaraj E
%A Sree Ram Kumar T
%T Article:A Strategic Approach for Risk Analysis of Production Software Systems
%J International Journal of Computer Applications
%@ 0975-8887
%V 10
%N 2
%P 23-30
%D 2010
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Defects in production software can incur heavy damage to a business operation; yet most current approaches to software security assessment focus primarily on new code development. The paper aims at introducing a strategic approach for reducing the operational security risk. The familiar top-down structured development process used by internal development groups is totally inappropriate for risk analysis of production software systems. And generally the cost of finding and fixing a bug in a production system is regarded as too high. So there is an imperative necessity to focus on approaches tailored specifically for production software systems which is the one attempted here.

References
  1. 2005 Breach Analysis, April 2006 http://www.software.co.il/downloads/breachAnalysis2005.xls
  2. Privacy Rights Clearinghouse, http://www.privacyrights.org/
  3. Developing Secure Software, Noopur Davis, http://www.softwaretechnews.com/stn8-2/noopur.html
  4. Top-down Security”, Alan Paller, http://infosecuritymag.techtarget.com/articles/1999/paller.shtml
  5. In production, it’s often 100 times more expensive than finding and fixing the bug during requirements and design phase”. Barry Boehm, Victor R. Basili, IEE Computer, 34(1): 135-137, 2001
  6. CVSS (Common Vulnerability Scoring System) is a standard way to convey vulnerability severity and help determine urgency and priority of response, http://www.first.org/cvss/intro/ Vendors such as Cisco, Symantec and Skype use CVSS to score their own application vulnerabilities.
  7. CLASP (Comprehensive, Lightweight Application Security Process), http://www.owasp.org/index.php/CLASP
Index Terms

Computer Science
Information Sciences

Keywords

Risk Production Software System Security Risk Vulnerability Software Components

Powered by PhDFocusTM