http://dx.doi.org/10.7472/jksii.2016.17.4.79

Definition of Security Metrics for Software Security-enhanced Development  

Seo, Dongsu (School of IT, Sungshin Women's University)
Publication Information
Journal of Internet Computing and Services, vol. 17, no. 4, 2016, pp. 79-86
Abstract
Under the influence of the software security-enhanced development guidelines announced in 2012, secure coding practices have become widely applied in the development of information systems in order to enhance their security capabilities. Although continuous enhancement activities for code security are important, the management of code security has been less addressed in the guidelines. This paper analyses the limitations of secure coding practices from the viewpoint of quality management. In particular, it proposes structures for software metrics and their use from the coding phase through the maintenance phase, so that the use of security metrics can be extended in future work.
Keywords
Security Metric; Secure Coding; Code Quality; Security-enhanced development;