
Publication Date

Spring 2012

Degree Type

Thesis - Campus Access Only

Degree Name

Master of Science (MS)

Department

Computer Engineering

Advisor

Weider Yu

Keywords

SDLC, Security, Software

Subject Areas

Computer engineering

Abstract

Software security is recognized as an important trait for future software development, but a secure software development lifecycle has yet to be fully integrated into current software development models. This is due to the immaturity of secure software development lifecycle models and the additional development time that security imposes. Further exacerbating the current rampant growth of software vulnerabilities, software applications are moving rapidly into the web space, and the expansive use of Web Services opens a new attack space.

As the push for mobile code increases, so will the number of software bugs and vulnerabilities; hence the need to adopt a secure software development model. Building a knowledge base of common coding errors is important both for exposing current vulnerabilities and for preventing future ones. This thesis presents a study of the current growth of software vulnerabilities, the importance of a categorization tool, the SQUARE model, the evolution of the SQUARE model combined with the Risk Management Framework to produce the SQUARE+R model, and the adaptability of the SQUARE+R model to an agile development lifecycle. A hypothetical case study of the SQUARE+R model was conducted using real-world vulnerabilities assessed by a group of experienced software developers to determine the effectiveness of the SQUARE+R model. Results obtained from this hypothetical case study indicate that the SQUARE+R model can be effective in reducing over half of the major contributing software vulnerabilities.