Current Trends in Secure Software Engineering: Novel Perspectives
Keywords:
Secure Software Engineering, Privilege, Privacy, Attacks, malicious actionAbstract
The security-focused approach in software engineering emphasizes the essential incorporation of security measures throughout the entire software development lifecycle. In an era marked by escalating cyber-threats and data breaches, this paper delineates novel perspectives and principles to fortify software systems against evolving adversarial landscapes. Motivated by the need to protect sensitive data, prevent financial losses, and adhere to stringent regulatory frameworks, the paper advocates for a proactive stance in software security. The principles outlined encompass threat modeling during the design phase, implementing the principle of least privilege, embracing defense in depth, and adhering to secure coding standards. With a focus on securing user authentication, robust data encryption, and meticulous input validation, the paper underscores the importance of a comprehensive security-oriented approach. The significance of continuous monitoring, incident response planning, and user education is also emphasized to bolster the overall security posture. By discussing these principles and practices, this paper serves as a comprehensive guide for software developers, architects, and stakeholders seeking to integrate robust security measures seamlessly into their software engineering endeavors. The novel perspectives presented herein aim to inspire a paradigm shift in the way security is conceptualized and integrated throughout the software development lifecycle.
References
Khan RA, Khan SU, Khan HU, Ilyas M. Systematic mapping study on security approaches in secure software engineering. IEEE Access. 2021;9:19139–19160.
Jayaram KR, Mathur AP. Software engineering for secure software-state of the art: a survey. Joint CERIAS and SERC Tech Report. West Lafayette, IN, USA: Department of Computer Science, Purdue University;2005.
Yuan X, Yang L, Jones B, Yu H, Chu BT. Secure software engineering education: knowledge area, curriculum and resources. J Cybersecurity Educ ResPract. 2016;2016(1):Article 3.
Khan RA, Khan SU, Ilyas M, Idris MY. The state of the art on secure software engineering: a systematic mapping study. In: Proceedings of the 24th International Conference on Evaluation and Assessment in Software Engineering,Trondheim, Norway, April 15–17, 2020.pp. 487–492.
Islam S, Mouratidis H, Jürjens J. A framework to support alignment of secure software engineering with legal regulations. Softw Syst Model. 2011;10(3):369–394.
Mohammad A, Alqatawna JF, Abushariah M. Secure software engineering: evaluation of emerging trends. In: 2017 8th International Conference on Information Technology (ICIT),Amman, Jordan, May 17–18, 2017.pp. 814–818.
Yu H, Jones N, Bullock G, Yuan XY. Teaching secure software engineering: writing secure code. In: 2011 7th Central and Eastern European Software Engineering Conference (CEE-SECR), Moscow, Russia, October 31–November 3, 2011.pp. 1–5.
Davis N, Humphrey W, Redwine ST, Zibulski G, McGraw G. Processes for producing secure software. IEEE Security Privacy. 2004;2(3):18–25.
Von Solms S, Futcher LA. Adaption of a secure software development methodology for secure engineering design. IEEE Access. 2020;8:125630–125637.
Sodiya AS, Onashoga SA, Ajayĩ OB. Towards building secure software systems. Issues Informing Sci Inform Technol. 2006;3: 635–646.
Daud MI. Secure software development model: a guide for secure software life cycle. In: Proceedings of the International MultiConference of Engineers and Computer Scientists, Hong Kong, China, March 17–19, 2010.Volume 1, pp. 1–5.
