Academic literature on the topic 'Software product security'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Software product security.'

Journal articles on the topic "Software product security"

1

Rasheed, Hassan. "Vulnerability distribution scoring for software product security assessment." International Journal of Information and Computer Security 6, no. 3 (2014): 270. http://dx.doi.org/10.1504/ijics.2014.066653.

2

Mellado, Daniel, Eduardo Fernández-Medina, and Mario Piattini. "Security requirements engineering framework for software product lines." Information and Software Technology 52, no. 10 (2010): 1094–117. http://dx.doi.org/10.1016/j.infsof.2010.05.007.

3

Hussain, Shariq, Haris Anwaar, Kashif Sultan, et al. "Mitigating Software Vulnerabilities through Secure Software Development with a Policy-Driven Waterfall Model." Journal of Engineering 2024 (February 21, 2024): 1–15. http://dx.doi.org/10.1155/2024/9962691.

Abstract:
For the past few years, software security has become a pressing issue that needs to be addressed during software development. In practice, software security is considered after the deployment of software rather than considered as an initial requirement. This delayed action leads to security vulnerabilities that can be catered for during the early stages of the software development life cycle (SDLC). To safeguard a software product from security vulnerabilities, security must be given equal importance with functional requirements during all phases of SDLC. In this paper, we propose a policy-driven waterfall model (PDWM) for secure software development describing key points related to security aspects in the software development process. The security requirements are the security policies that are considered during all phases of waterfall-based SDLC. A framework of PDWM is presented and applied to the e-travel scenario to ascertain its effectiveness. This scenario is a case of small to medium-sized software development project. The results of case study show that PDWM can identify 33% more security vulnerabilities as compared to other secure software development techniques.
4

Zhang, Zan, Guofang Nan, and Yong Tan. "Cloud Services vs. On-Premises Software: Competition Under Security Risk and Product Customization." Information Systems Research 31, no. 3 (2020): 848–64. http://dx.doi.org/10.1287/isre.2019.0919.

Abstract:
Because of its on-demand feature and flexible pay-as-you-go mechanism, cloud service dramatically reduces the up-front information technology expenses that may deter many clients from implementing on-premises software. The associated security risks and low customization capability, however, create challenges for the adoption of cloud service. We study the competitive implications of security risks and customization capability on consumer purchase choices and vendors’ pricing and investment strategies. Although cloud services are perceived to be more vulnerable to cyberattack, our results demonstrate that in high-security-loss environments, using cloud service yields a lower average expected loss for consumers as compared with on-premises software. By endogenizing vendors’ investment decisions, our investigation highlights that the cloud vendor does not necessarily economically benefit from investing in addressing cloud security, especially in low-security-loss environments. We also find that the on-premises vendor’s security and customization investments act as strategic substitutes in low-security-loss environments and, under certain conditions, complement in high-security-loss environments. We further examine welfare-maximizing security investments and find that the socially optimal investment requires greater effort to improve cloud security in low-security-loss environments and to improve on-premises software security in high-security-loss environments.
5

Rianat Abbas, Sunday Jacob Nwanyim, Joy Awoleye Adesina, Augustine Udoka Obu, Adetomiwa Adesokan, and Jeremiah Folorunso. "Secure by design - enhancing software products with AI-Driven security measures." Computer Science & IT Research Journal 6, no. 3 (2025): 184–200. https://doi.org/10.51594/csitrj.v6i3.1880.

Abstract:
As cyber threats continue to evolve in scale and complexity, traditional reactive security measures no longer suffice. This study explores the integration of AI-driven security within the Secure by Design framework as a forward-looking approach to building inherently secure digital products across industries. Rather than treating security as an afterthought, Secure by Design embeds protective mechanisms—such as encryption, predictive analytics, and real-time threat detection—throughout the product development lifecycle. This research employs quantitative design, surveying 203 professionals from sectors including finance, software development, agriculture, and construction. It investigates the adoption, effectiveness, and challenges of AI-powered security measures, using machine learning algorithms to analyze key security features. The findings reveal that encryption, predictive security, and automated response systems are the most impactful components in strengthening product security. The model achieved a strong performance with an accuracy of 79%, though challenges such as false positives and integration complexity persist. Despite growing awareness, many organizations still address security reactively, with only 14.8% incorporating it during the design phase. Barriers such as limited awareness, cost, and complexity continue to slow adoption. However, 74.9% of respondents express openness to deeper AI integration in future product developments, highlighting optimism about its potential. This study reinforces the need for a proactive shift in security practices, where AI not only supports real-time threat detection but also future-proofs products in an increasingly hostile cyber landscape. By embedding AI into the design phase, organizations can reduce attack surfaces, comply with regulatory demands, and build stakeholder trust. 
Future research should explore industry-specific implementations, autonomous AI systems in low-tech environments, and the scalability of cross-sector security frameworks. Keywords: Secure by Design, AI-Driven Security, Encryption, Predictive Threat Detection, Machine Learning, Product Development.
6

Peldszus, Sven, Daniel Strüber, and Jan Jürjens. "Model-based security analysis of feature-oriented software product lines." ACM SIGPLAN Notices 53, no. 9 (2020): 93–106. http://dx.doi.org/10.1145/3393934.3278126.

7

Mellado, Daniel, Eduardo Fernández-Medina, and Mario Piattini. "Towards security requirements management for software product lines: A security domain requirements engineering process." Computer Standards & Interfaces 30, no. 6 (2008): 361–71. http://dx.doi.org/10.1016/j.csi.2008.03.004.

8

Raschke, Wolfgang, Massimiliano Zilli, Philip Baumgartner, Johannes Loinig, Christian Steger, and Christian Kreiner. "Balancing Product and Process Assurance for Evolving Security Systems." International Journal of Secure Software Engineering 6, no. 1 (2015): 47–75. http://dx.doi.org/10.4018/ijsse.2015010103.

Abstract:
At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today's volatile markets customers want to be able to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash between traditional security design and evaluation processes. In this paper, the authors propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree. However, the application of the proposed evaluation method is limited by several constraints. The authors discuss these constraints and show how traditional certification schemes could be extended to better support modern industrial software development processes.
9

Lienkov, Serhii, Volodymyr Dzhuliy, Oleksandr Yavorskyi, and Kostyantyn Zatsepin. "Information security model of functioning software." Smart technologies: Industrial and Civil Engineering 2, no. 15 (2024): 31–45. https://doi.org/10.32347/st.2024.2.1202.

Abstract:
The paper systematizes the models of reliable and safe functioning of the software. As a result of the research, three types of models were identified: analytical; statistical; empirical. A number of the most frequently used models are considered, and their disadvantages and advantages are highlighted from the point of view of solving the problem of describing the safe functioning of a software product and recognizing malicious software. According to the results of the research, the considered models have advantages in terms of the simplicity of their practical implementation, but at the same time, the following disadvantages are highlighted: some of the considered models require a large amount of computing resources when implemented - for security analysis and accumulation of archival data; the use of statistical and probabilistic models of assumptions that the intensity of attacks/failures or the number of errors in software have a pre-known distribution (binomial, standard or Poisson), which is not always true for real processes and systems; there is no division into software failures and failures due to cyber attacks, zero-day vulnerabilities are also not taken into account; memory accesses of the investigated software are not analyzed, which could provide important information about its legitimacy or the presence of malicious functions; none of the considered models provides a comprehensive representation of the process of software functioning, including, there is no analysis from the information security side. The task of recognizing malicious software is becoming more and more relevant and difficult every year in connection with the digitalization of human activities and the use of software for the execution of business logic and technical processes in complex systems. 
As a result, the larger the volume of software in the system, the more errors there are potentially, and due to the connection of modern systems to the Internet, the software is often distributed over the network, which allows attackers to create new vectors of cyber attacks on systems. The proposed model of safe functioning of the software product should eliminate the shortcomings inherent in the considered models. The proposed model eliminates the mentioned shortcomings due to the fact that it takes into account the characteristic features of the manifestation of malicious software on devices, namely the impact of malicious software on the computing resources of the system and working with RAM. This allows the developed model to take into account both the reliability of software operation and security. In terms of the model, the criteria for the safe functioning of the software are formulated, it is concluded that for the most effective implementation of such a model in practice, a hypervisor should be used.
10

Nazarenko, M. A., A. I. Gorobets, D. V. Miskov, V. V. Muravyev, and A. S. Novikov. "ANTIVIRUS SOFTWARE AND INDUSTRIAL CYBER SECURITY SYSTEM CERTIFICATION IN RUSSIA." Russian Technological Journal 7, no. 1 (2019): 48–56. http://dx.doi.org/10.32362/2500-316x-2019-7-1-48-56.

Abstract:
The article is dedicated to issues in certification of antivirus software and industrial cyber security systems. It was shown that certification time in Russia is much longer than in the USA, European Union and Germany. The life time and the development time of products of this field were analyzed in the article. Each variable was specified for new products and for new versions of existing products. Some statistical methods were used in the article: Cronbach’s alpha, t-statistics, and median value similarity that are typical for the articles in quality management. As a result, it was found that certification time in Russia for industrial cyber security systems is significantly longer than in other analyzed countries, up to three-fold. Product development and life time are also longer. However, the most important result is that certification in Russia adds from 32.1 to 40 percent of time to the development of a new version or a new product, correspondingly, whereas in other investigated countries these numbers are about 17 percent. Reduction of certification time will increase new product development efficiency in the field of cyber security, which will improve positions of Russian products at the international market.

Dissertations / Theses on the topic "Software product security"

1

SILVEIRA, NETO Paulo Anselmo da Mota. "Assessing security in software product lines; a maintenance analysis." Universidade Federal de Pernambuco, 2017. https://repositorio.ufpe.br/handle/123456789/26968.

Abstract:
The defense took place on 02/06/2017, according to the defense minutes and the approval sheet, although the approval sheet in the PDF gives the defense date as 02/06/2016.
CNPq
Different terms such as "the real-time enterprise", "software infrastructures", "service oriented architectures" and "composite software applications" have gained importance in industry. It brings us the need of information systems that support cross-application integration, cross-company transactions and end-user access through a range of channels, including the Internet. In this context, Software Product Line (SPL) Engineering has gained importance by product oriented companies, as a strategy to cope with the increasing demand of large-scale product customization, providing effective and efficient ways of improving productivity, software quality, and time-to-market. These benefits combined with the need of most applications to interact with other applications, and the internet access makes critical assets vulnerable to many threats. 
For most of the product oriented companies, security requirements are likely to be as varied as for any other quality. Thus, it is important to supply variants of the same product to satisfy different needs. Owing to its variability management capabilities, software product line architectures can satisfy these requirements if carefully designed the resulting system has a better chance of meeting its expectations. All these requirements should be achieved at early design phases. Otherwise the cost to design a secure architecture will increase, which could worsen in SPL context, due to its complexity. In this context, this thesis evaluates different techniques to implement security tactics for the purpose of assessing conditional compilation and aspect-oriented programming as variability mechanisms concerning maintainability by accessing code size, separation of concerns, coupling and cohesion from software architects in the context of Software Product Lines projects. Hence, to better support SPL architects during design decisions, a family of experiments using three different testbeds was performed to analyze different security techniques regarding to maintainability. We have found that for most of the techniques conditional compilation had a smaller amount of lines of code when compared with Aspect Oriented Programming. The separation of concerns attribute had the low impact on maintainability when implemented with aspect-oriented programming. The analysis also showed that detect attack techniques are less costly than resist attack techniques. The results are useful for both researchers and practitioners. On the one hand, researchers can identify useful research directions and get guidance on how the security techniques impact on maintainability. 
On the other hand, practitioners can benefit from this thesis by identifying the less costly variability implementation mechanism, as well as, learning concrete techniques to implement security tactics at the code level.
Different terms such as "real-time enterprise", "software infrastructure", "service-oriented architectures" and "software applications" have gained importance in industry. This requires information systems that support integration with other applications, transactions between companies, and end-user access through a variety of channels, including the Internet. In this context, Software Product Lines (SPL) have gained importance among software-product-oriented companies as a strategy for dealing with the growing demand for large-scale product customization, providing an effective and efficient way to improve productivity, software quality and time to market. These benefits, combined with the need for most applications to interact with other applications and with Internet access, make these applications vulnerable to many threats. For most product-oriented companies, security requirements can vary just like any other software quality attribute. Thus, it is important to supply variants of the same product to satisfy different needs. Owing to their variability management capabilities, product line architectures are able to satisfy these requirements; if carefully designed, the resulting system will have a better chance of meeting expectations. All these requirements must be achieved in the early phases of the project; otherwise, the cost of designing a secure architecture will increase, which could worsen in the SPL context because of its complex nature. Thus, to better support architects during design decisions, a family of experiments using three distinct SPLs was used to analyze different security techniques, implemented using conditional compilation (CC) and aspect-oriented programming (AOP). This evaluation aimed to analyze the techniques and mechanisms with respect to size, separation of concerns, cohesion and coupling. The results show that most of the techniques, when implemented with conditional compilation, had a smaller amount of code compared with AOP. The separation of concerns attribute had less impact on maintenance when implemented with aspect-oriented programming. The analysis also showed that attack detection techniques are less costly than attack resistance techniques. The results are useful for researchers and practitioners. On the one hand, researchers can identify research directions and obtain guidance on how security techniques affect maintenance. On the other hand, practitioners can benefit from this study by identifying the least costly variability implementation mechanism, as well as learning concrete techniques for implementing security tactics at the code level.
2

Barta, Brian J. "An analysis of open source security software products downloads." Thesis, Capella University, 2014. http://pqdtopen.proquest.com/#viewpdf?dispub=3613581.

Abstract:
Despite the continued demand for open source security software, a gap in the identification of success factors related to the success of open source security software persists. There are no studies that accurately assess the extent of this persistent gap, particularly with respect to the strength of the relationships of open source software development attributes and the number of security software downloads. The research conducted in this study investigates the strength of the relationships of particular open source software project development factors against a particular measure of open source security software success. This research focuses on open source software development with an emphasis on anti-virus, firewall and intrusion detection software. Additionally, reviewed in this study are some key cyber-security events that have shaped the cyber landscape as well as descriptions of some security technologies that have emerged as a result of those events. A level of correlation between the dependent variable number of software downloads and the independent variables project team size and number of software project events are analyzed in this research.
3

Moyo, Sibonile. "A software development methodology for solo software developers: leveraging the product quality of independent developers." Thesis, 2020. http://hdl.handle.net/10500/27292.

Abstract:
Software security for agile methods, particularly for those designed for individual developers, is still a major concern. With most software products deployed over the Internet, security as a key component of software quality has become a major problem. In addressing this problem, this research proposes a solo software development methodology (SSDM) that uses as minimum resources as possible, at the same time conforming to the best practice for delivering secure and high-quality software products. Agile methods have excelled on delivering timely and quality software. At the same time research also shows that most agile methods do not address the problem of security in the developed software. A metasynthesis of SSDMs conducted in this thesis confirmed the lack of practices that promote security in the developed software product. On the other hand, some researchers have demonstrated the feasibility of incorporating existing lightweight security practices into agile methods. This research uses Design Science Research (DSR) to build, demonstrate and evaluate a lightweight SSDM. Using an algorithm adapted for the purpose, the research systematically integrates lightweight security and quality practices to produce an agile secure-solo software development methodology (Secure-SSDM). A multiple-case study in an academic and industry setting is conducted to demonstrate and evaluate the utility of the methodology. This demonstration and evaluation thereof, indicates the applicability of the methodology in building high-quality and secure software products. Theoretical evaluation of the agility of the Secure-SSDM using the four-dimensional analytical tool (4-DAT) shows satisfactory compliance of the methodology with agile principles. 
The main contributions in this thesis are: the Secure-SSDM, which entails description of the concepts, modelling languages, stages, tasks, tools and techniques; generation of a quality theory on practices that promote quality in a solo software development environment; adaptation of Keramati and Mirian-Hosseinabadi’s algorithm for the purposes of integrating quality and security practices. This research would be of value to researchers as it introduces the security component of software quality into a solo software development environment, probing more research in the area. To software developers the research has provided a lightweight methodology that builds quality and security into the product using minimum resources.
School of Computing
D. Phil. (Computer Science)
4

Chien, Chih-liang, and 簡智亮. "Multiple-case Analysis of Intangible Asset Specificity、Concentration Ratios and Product Differentiation-the cases of Security Software Companies." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/99951758591915025645.

Abstract:
Master's degree
National Taiwan University of Science and Technology
Department of Business Administration
101
This study provides four of the main corporations of the security software industry as object, discussing intangible asset specificity, concentration ratios and product differentiation. Using accounting data to measure intangible asset specificity of above mentioned corporations. Also, try to explain the proportion between intangible asset specificity and resource allocation of security software corporations. Further, the researcher carefully calculates market concentration ratios and the Herfindahl-Hirschman Index and examines the market structure of this field, in order to supply some strategic proposals for the concerned corporations while existing in a negative network effect.
5

Neves, Catarina Sofia Boto das. "Software design for an awareness score of coffee products." Master's thesis, 2022. http://hdl.handle.net/10362/134200.

Abstract:
Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Knowledge Management and Business Intelligence
All over the world, the food industry faces several challenges, such as food security and life conditions of agricultural workforce. The population holds an increasing interest in agricultural products to achieve a healthy lifestyle but might be promoting unethical practices at the farming process. Without knowing anything but the country of origin of the product, the consumer is doing uninformed shopping. This study aims to develop a model, able to crosscheck the coffee products sold at the supermarket with their country of origin’s classification regarding food security, environmental sustainability and sociopolitical ethics. Another major objective is to propose an application to generate the classification of each coffee product, allowing the consumer to make informed shopping. The Awareness score is proposed to classify the coffee products in terms of its social and political responsibility during the products production. Underlying the proposed score, there is food security, environmental performance, migration integration policy, and child labour occurrence. The proposed prototype design allows developing a software for consumers to consult coffee products’ scores during the buying process. A survey allowed to understand that consumers are not deeply concerned with the underlying problems of coffee production, however, an application would allow them to make more conscious shopping.

Books on the topic "Software product security"

1

National Computer Security Center (U.S.), ed. Trusted product evaluation questionnaire. National Computer Security Center, 1990.

2

Blinovskaya, Yana, and Dar'ya Zadoya. Geoinformation systems in technosphere security. INFRA-M Academic Publishing LLC., 2021. http://dx.doi.org/10.12737/1002663.

Abstract:
The textbook considers the specifics of the use of information technologies in technosphere security. The article describes the characteristics of software products used to solve problems in the areas of life safety, organization of industrial production and environmental protection.
Meets the requirements of the federal state educational standards of higher education of the latest generation.
For students studying in the enlarged group of training areas 20.00.00 "Technosphere safety and environmental management", as well as for students of related specialties studying the impact of industrial production on the environment and using GIS tools.
3

Quinn, Stephen D. National Checklist Program for IT products: Guidelines for checklist users and developers : recommendations of the National Institute of Standards and Technology. U.S. Dept. of Commerce, National Institute of Standards and Technology, 2009.

4

Ph.D. Jide B. Odubiyi. Building Survivable Systems: Principles and Applications for Complex Product, Process, and Organizational Change Models. Ilori Press, 2007.

5

Software Engineering: Software Development, Architecture, Design Patterns, Testing, Product Management, Project Lifecycle, TR5, Programming, Quality Assurance, Security Systems, Service and Practic. Independently Published, 2022.

6

Software Engineering: Software Development, Architecture, Design Patterns, Testing, TR5, Product Management, Project Lifecycle, Programming, Quality Assurance, Security Systems, Service and Practice. Independently Published, 2022.

7

Stewart, Andrew J. A Vulnerable System. Cornell University Press, 2021. http://dx.doi.org/10.7591/cornell/9781501758942.001.0001.

Abstract:
As threats to the security of information pervade the fabric of everyday life, this book describes how, even as the demand for information security increases, the needs of society are not being met. The result is that the confidentiality of our personal data, the integrity of our elections, and the stability of foreign relations between countries are increasingly at risk. The book convincingly shows that emergency software patches and new security products cannot provide the solution to threats such as computer hacking, viruses, software vulnerabilities, and electronic spying. Profound underlying structural problems must first be understood, confronted, and then addressed. This book delivers a long view of the history of information security, beginning with the creation of the first digital computers during the Cold War. From the key institutions of the so-called military industrial complex in the 1950s to Silicon Valley start-ups in the 2020s, the relentless pursuit of new technologies has come at great cost. The absence of knowledge regarding the history of information security has caused the lessons of the past to be forsaken for the novelty of the present, and has led us to be collectively unable to meet the needs of the current day. From the very beginning of the information age, claims of secure systems have been crushed by practical reality. The myriad risks to technology, the book reveals, cannot be addressed without first understanding how we arrived at this moment. The book is an enlightening and sobering history of a topic that affects crucial aspects of our lives.
8

Law, Committee on Cyberspace. Selling Products and Services and Licensing Software Online: An Interactive Guide with Legal Forms and Commentary to Privacy, Security and Consumer Law Issues. American Bar Association, 2008.

9

Wilkinson, Frances C., and Sever Bordeianu, eds. The Complete Guide to RFPs for Libraries. ABC-CLIO, LLC, 2018. http://dx.doi.org/10.5040/9798400629761.

Abstract:
Learn how to write a Request for Proposal (RFP) so that you receive your library's desired materials, resources, and equipment at the lowest price. This comprehensive book covers the philosophy behind RFPs to prime readers to understand how to most effectively write them and provides instruction on navigating the submission process as it applies to multiple types of libraries. For many years, only large academic and public libraries and a few library systems regularly used RFPs. Now, smaller schools, public libraries, and library systems use RFPs as tools to select vendors for computer equipment, online systems, databases, and materials. Library consortia frequently use RFPs to select databases and integrated library systems. In this useful book, readers will learn more about the types and advantages of RFPs; the timelines and logistics for submitting RFPs; how to write different types of RFPs; how to evaluate vendor performance; the transfer process when a new vendor is selected; vendor perspectives; and RFP ethics. An appendix includes sample RFPs and evaluation materials, and a glossary defines language necessary to writing and understanding RFPs. This book is essential reading for librarians who need to select vendors to provide library materials including books, serials, and media in all formats as well as for those who are choosing integrated library systems, security and inventory systems such as RFID, computer equipment and software, online and streaming materials such as books and music, or services such as digitization. Teaches readers how to acquire an appropriate product from a vendor at the lowest price. Provides practical examples of questions to use in various RFPs as well as lessons learned. Includes sample RFPs and evaluation materials. Incorporates perspectives of librarians and vendors with experience in various aspects of the RFP process.

Book chapters on the topic "Software product security"

1

Fægri, Tor Erlend, and Svein Hallsteinsen. "A Software Product Line Reference Architecture for Security." In Software Product Lines. Springer Berlin Heidelberg, 2006. http://dx.doi.org/10.1007/978-3-540-33253-4_8.

2

Arciniegas, Jose L., Juan C. Dueñas, Jose L. Ruiz, Rodrigo Cerón, Jesus Bermejo, and Miguel A. Oltra. "Architecture Reasoning for Supporting Product Line Evolution: An Example on Security." In Software Product Lines. Springer Berlin Heidelberg, 2006. http://dx.doi.org/10.1007/978-3-540-33253-4_9.

3

Jaatun, Martin Gilje, and Inger Anne Tøndel. "Playing Protection Poker for Practical Software Security." In Product-Focused Software Process Improvement. Springer International Publishing, 2016. http://dx.doi.org/10.1007/978-3-319-49094-6_55.

4

Fockel, Markus, Sven Merschjohann, and Masud Fazal-Baqaie. "Threat Analysis in Practice – Systematically Deriving Security Requirements." In Product-Focused Software Process Improvement. Springer International Publishing, 2018. http://dx.doi.org/10.1007/978-3-030-03673-7_25.

5

Finnegan, Anita, Fergal McCaffery, and Gerry Coleman. "A Security Assurance Framework for Networked Medical Devices." In Product-Focused Software Process Improvement. Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-39259-7_35.

6

Okubo, Takao, Yoshio Kakizaki, Takanori Kobashi, et al. "Security and Privacy Behavior Definition for Behavior Driven Development." In Product-Focused Software Process Improvement. Springer International Publishing, 2014. http://dx.doi.org/10.1007/978-3-319-13835-0_28.

7

Baninemeh, Elena, Harold Toomey, Katsiaryna Labunets, Gerard Wagenaar, and Slinger Jansen. "An Evaluation of the Product Security Maturity Model Through Case Studies at 15 Software Producing Organizations." In Lecture Notes in Business Information Processing. Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-53227-6_23.

Abstract:
Cybersecurity is becoming increasingly important from a software business perspective. The software that is produced and sold generally becomes part of a complex landscape of customer applications and enlarges the risk that customer organizations take. Increasingly, software producing organizations are realizing that they are on the front lines of the cybersecurity battles. Maintaining security in a software product and software production process directly influences the livelihood of a software business. There are many models for evaluating security of software products. The product security maturity model is commonly used in the industry but has not received academic recognition. In this paper we report on the evaluation of the product security maturity model on usefulness, applicability, and effectiveness. The evaluation has been performed through 15 case studies. We find that the model, though rudimentary, serves medium to large organizations well and that the model is not so applicable within smaller organizations.
8

Jasser, Stefanie. "Constraining the Implementation Through Architectural Security Rules: An Expert Study." In Product-Focused Software Process Improvement. Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-030-35333-9_15.

9

Baca, Dejan, and Kai Petersen. "Prioritizing Countermeasures through the Countermeasure Method for Software Security (CM-Sec)." In Product-Focused Software Process Improvement. Springer Berlin Heidelberg, 2010. http://dx.doi.org/10.1007/978-3-642-13792-1_15.

10

Moyón, Fabiola, Rafael Soares, Maria Pinto-Albuquerque, Daniel Mendez, and Kristian Beckers. "Integration of Security Standards in DevOps Pipelines: An Industry Case Study." In Product-Focused Software Process Improvement. Springer International Publishing, 2020. http://dx.doi.org/10.1007/978-3-030-64148-1_27.


Conference papers on the topic "Software product security"

1

Rafi, Saima, Muhammad Azeem Akbar, and Arif Ali Khan. "Empirical Insights into Product Security Challenges and Practices in Software Development." In 2024 International Conference on Frontiers of Information Technology (FIT). IEEE, 2024. https://doi.org/10.1109/fit63703.2024.10838436.

2

Sonnekalb, Tim, Celestino Madera Castro, Bernd Gruner, Clemens-Alexander Brust, and Wolfram Amme. "Vulnerability Prediction and Assessment Using Software Product Metrics and Machine Learning: What Does Not Work." In 2024 IEEE 24th International Conference on Software Quality, Reliability, and Security Companion (QRS-C). IEEE, 2024. http://dx.doi.org/10.1109/qrs-c63300.2024.00148.

3

Ojha, Ravish Kumar, Harish Kumar Rai, and Suresh Koduru. "Strategic Integration of Security Product Standard: A Comparative Study of Early vs. Late Implementation in Software Development." In 2024 First International Conference on Pioneering Developments in Computer Science & Digital Technologies (IC2SDT). IEEE, 2024. http://dx.doi.org/10.1109/ic2sdt62152.2024.10696301.

4

Pandey, Anupriya, and Kamal Singh. "Software Security Testing Lifecycle for Automotive Products." In 2024 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE, 2024. http://dx.doi.org/10.1109/csr61664.2024.10679433.

5

Gaska, Thomas, Doug Summerville, Marilyn Gaska, and Yu Chen. "Model Based Engineering for Advanced Integrated Modular Avionics - Focus and Challenges." In Vertical Flight Society 73rd Annual Forum & Technology Display. The Vertical Flight Society, 2017. http://dx.doi.org/10.4050/f-0073-2017-12031.

Abstract:
Advanced Integrated Modular Avionics (A-IMA) will drive new focus and challenges for Model Based Engineering (MBE). First, there is the need to bridge MBE to legacy system elements that were developed without MBE along with the need to handle hybrid Open System Architecture / Integrated Modular Avionics (OSA/IMA) based architectures. Second, there is the need for MBE to be reusable and interoperable across product development cycles as technology insertions occur. Third, there is the need for integration of MBE into synthesizable descriptions that can also be effectively validated for mixed general purpose, safety, and secure computing and networking environments. Fourth is the need for effective application of MBE in hybrid waterfall and agile development environments where target infrastructure is scalable in capability and cost. Fifth is the need for MBE to support partitioned roles across companies, government, and universities where one entity does requirements, one does architecture, one develops components, one provides formal test, and another provides system sustainment. There are a number of industry and university efforts underway to address these focus items and challenges spread across these adjacent MBE complex system domains. This paper is focused on the current state of each of these areas relative to use in A-IMA systems based on industry initiatives and academic research. It uses the driverless car for comparison as an emerging "Advanced Integrated Modular Architecture" and identifies its parallel approaches to address these focused items and challenges. This work is being built on the authors' work exploring dual use technologies being developed for the driverless car domain that will lead to a market of 10 Million autonomous cars operating in 2020. 
Previous papers have addressed identification of potential advanced automotive dual use transformational hardware and software technologies including many core processing, advanced software autonomy and data fusion components, unified mixed criticality networking, and integrated cyber security for A-IMA. A testbed has also been recently proposed as a mechanism to evaluate these dual use technologies in an A-IMA context. This paper extends the dual use view to include understanding of the best-of-breed avionics MBE environment and how it can be complementary to leveraging a testbed environment in addressing affordable, scalable, and open solutions.
6

"SECURITY REQUIREMENTS IN SOFTWARE PRODUCT LINES." In International Conference on Security and Cryptography. SciTePress - Science and and Technology Publications, 2008. http://dx.doi.org/10.5220/0001922804420449.

7

Sprovieri, Danilloo, Nikolaos Argyropoulos, Carine Souveyet, Raul Mazo, Haralambos Mouratidis, and Andrew Fish. "Security Alignment Analysis of Software Product Lines." In 2016 4th International Conference on Enterprise Systems (ES). IEEE, 2016. http://dx.doi.org/10.1109/es.2016.19.

8

Mellado, Daniel, Eduardo Fernandez-Medina, and Mario Piattini. "Security Requirements Variability for Software Product Lines." In 2008 Third International Conference on Availability, Reliability and Security. IEEE, 2008. http://dx.doi.org/10.1109/ares.2008.165.

9

Kenner, Andy, Richard May, Jacob Krüger, Gunter Saake, and Thomas Leich. "Safety, security, and configurable software systems." In SPLC '21: 25th ACM International Systems and Software Product Line Conference. ACM, 2021. http://dx.doi.org/10.1145/3461001.3471147.

10

Dziwok, Stefan, Sven Merschjohann, and Thorsten Koch. "A Software Security Study among German Developers, Product Owners, and Managers." In 13th International Conference on Applied Human Factors and Ergonomics (AHFE 2022). AHFE International, 2022. http://dx.doi.org/10.54941/ahfe1002208.

Abstract:
Online news portals report almost daily on security incidents in all kinds of software products in finance, health, and engineering. Moreover, multiple security reports conclude that there is a growing number of security vulnerabilities, attacks, and incidents. This raises the question of the extent to which companies address software security while developing and operating their products. This paper reports on the results of an extensive study among developers, product owners, and managers in Germany. Our results show that ensuring security is a multi-faceted challenge for German companies, involving low awareness, inaccurate self-assessment, and a lack of competence on the topic of secure software development among all stakeholders. Thus, there is an urgent need to improve the current situation.

Reports on the topic "Software product security"

1

Ruby, Jeffrey, Richard Massaro, John Anderson, and Robert Fischer. Three-dimensional geospatial product generation from tactical sources, co-registration assessment, and considerations. Engineer Research and Development Center (U.S.), 2023. http://dx.doi.org/10.21079/11681/46442.

Abstract:
According to Army Multi-Domain Operations (MDO) doctrine, generating timely, accurate, and exploitable geospatial products from tactical platforms is a critical capability to meet threats. The US Army Corps of Engineers, Engineer Research and Development Center, Geospatial Research Laboratory (ERDC-GRL) is carrying out 6.2 research to facilitate the creation of three-dimensional (3D) products from tactical sensors to include full-motion video, framing cameras, and sensors integrated on small Unmanned Aerial Systems (sUAS). This report describes an ERDC-GRL processing pipeline comprising custom code, open-source software, and commercial off-the-shelf (COTS) tools to geospatially rectify tactical imagery to authoritative foundation sources. Four datasets from different sensors and locations were processed against National Geospatial-Intelligence Agency–supplied foundation data. Results showed that the co-registration of tactical drone data to reference foundation varied from 0.34 m to 0.75 m, exceeding the accuracy objective of 1 m described in briefings presented to Army Futures Command (AFC) and the Assistant Security of the Army for Acquisition, Logistics and Technology (ASA(ALT)). A discussion summarizes the results, describes steps to address processing gaps, and considers future efforts to optimize the pipeline for generation of geospatial data for specific end-user devices and tactical applications.
2

Šulus, Vytautas, and Pavel Voitkun. Prototype of the Electronic Voting System. Security Implementations Using Database Facilities. Vilnius Business College, 2024. https://doi.org/10.57005/ab.2024.3.4.

Abstract:
Electronic Voting Systems (EVS) have become more popular and have progressed despite many concerns about auditing and transparency. The authors present a technical solution for a prototype of a possible EVS. This prototype, with additional improvements, could be used as an EVS in Lithuania and other countries worldwide. This article is intended to show how EVS requirements relate to software solutions using open-source products.
3

Nagle, Frank, James Dana, Jennifer Hoffman, Steven Randazzo, and Yanuo Zhou. Census II of Free and Open Source Software — Application Libraries. The Linux Foundation, 2022. https://doi.org/10.70828/kheh5209.

Abstract:
Produced in partnership with Harvard Laboratory for Innovation Science (LISH) and the Open Source Security Foundation (OpenSSF), Census II is the second investigation into the widespread use of Free and Open Source Software (FOSS). The Census II effort utilizes data from partner Software Composition Analysis (SCA) companies including Snyk, the Synopsys Cybersecurity Research Center (CyRC), and FOSSA. The aggregated data includes over half a million observations of FOSS libraries used in production applications at thousands of companies, aiming to shed light on the most commonly used FOSS packages at the application library level. This effort builds on the Census I report that focused on the lower level critical operating system libraries and utilities, improving our understanding of the FOSS packages that software applications rely on. Such insights will help identify critical FOSS packages to allow resource prioritization to address security issues in this widely used software.
4

Hendrick, Stephen. Software Bill of Materials (SBOM) and Cybersecurity Readiness. The Linux Foundation, 2022. https://doi.org/10.70828/rytl5793.

Abstract:
The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness, produced in partnership with SPDX, OpenChain, and OpenSSF, reports on the extent of organizational SBOM readiness and adoption and its significance to improving cybersecurity throughout the open source ecosystem. The study comes on the heels of the US Administration’s Executive Order on Improving the Nation’s Cybersecurity, and the disclosure of the most recent and far-reaching log4j security vulnerability. Its timing coincides with increasing recognition across the globe of the importance of identifying software components and helping accelerate widespread implementation of cybersecurity best practices to mitigate the impact of software vulnerabilities.
5

Wei, Wenbin, Nigel Blampied, and Raajmaathangi Sreevijay. Evaluation, Comparison, and Improvement Recommendations for Caltrans Financial Programming Processes and Tools. Mineta Transportation Institute, 2023. http://dx.doi.org/10.31979/mti.2023.2058.

Abstract:
The California Transportation Improvement Program System (CTIPS) is the main tool used by Caltrans’ Division of Financial Programming to support the business of transportation programming. It is a multi-agency joint-use project programming database system applied to develop and manage various state and federal transportation programming documents. The goal of this project is to evaluate CTIPS and explore various new options that will maintain the current functionality of CTIPS, meet legislative guidelines for ADA compliance, ensure security of the system, and have sufficient scalability and capabilities for integration with other systems in the future. The research is based on the review of current and historical documents, interviews, and surveys of the customers of the Division of Financial Programming; the survey of programming systems used by the other 49 states and District of Columbia (DC) in the U.S.; an interview with the CTIPS service support provider; and interviews and surveys of the software companies that provide services and products similar to CTIPS. This research identifies risks associated with CTIPS and opportunities for improvements; compares the processes in California with currently recognized best practices and with those used in the other states in the U.S.; and makes recommendations for the improvement of CTIPS. Research results could help Caltrans better capture current data needs and future analytics requirements and make an informed decision about modernizing and upgrading an essential programming database.