Off-campus SJSU users: To download campus access theses, please use the following link to log into our proxy server with your SJSU library user name and PIN.
Publication Date
Spring 2012
Degree Type
Thesis - Campus Access Only
Degree Name
Master of Science (MS)
Department
Computer Engineering
Advisor
Weider Yu
Keywords
SDLC, Security, Software
Subject Areas
Computer engineering
Abstract
Software security has been recognized to be an important trait for future software development, but the adoption of a secure software development lifecycle has yet to be fully integrated into current software development models. This is due to immaturities in secure software development lifecycle models and the lengthy development time imposed by security. To further exacerbate the current rampant growth of software vulnerabilities, the future direction for software applications is moving rapidly into the web space. With the expansive use of Web Services, a new attack space is opened.
As the push for mobile code increases, so will the number of software bugs and vulnerabilities hence the need for adopting a secure software development model. The need to build a knowledge base of common coding errors is important in exposing current vulnerabilities and preventing future vulnerabilities. In this thesis reporting a study of the current growth of software vulnerabilities, the importance of a categorization tool, the SQUARE model, the evolution of the SQUARE model combined with the Risk Management Framework to produce the SQUARE+R model, and the adaptability of the SQUARE+R model to an agile development lifecycle are presented. The use of a hypothetical case study of the SQUARE+R model was conducted using real world vulnerabilities assessed by a group of experienced software developers to determine the effectiveness of the SQUARE+R model. Results obtained from this hypothetical case study conclude that the SQUARE+R model can be effective in reducing over half of the major contributing software vulnerabilities.
Recommended Citation
Le, Kyle, "Towards a secure sotware development lifecycle with SQUARE+R" (2012). Master's Theses. 4144.
DOI: https://doi.org/10.31979/etd.b8rs-urwn
https://scholarworks.sjsu.edu/etd_theses/4144