Shanai Ardi, David Byers, Per Håkon Meland, Inger Anne Tødel, Nahid Shahmehri:
How can the developer benefit from security modeling?.

In: Proceedings of
First International Workshop on Secure Software Engineering (SecSE 2007), Vienna, Austria (10th - 13th April 2007), 1017-1025, April 2007
© IEEE Computer Society

Security has become a necessary part of nearly every software development project, as the overall risk from malicious users is constantly increasing, due to increased consequences of failure, security threats and exposure to threats. There are few projects today where software security can be ignored. Despite this, security is still rarely taken into account throughout the entire software lifecycle; security is often an afterthought, bolted on late in development, with little thought to what threats and exposures exist. Little thought is given to maintaining security in the face of evolving threats and exposures. Software developers are usually not security experts. However, there are methods and tools available today that can help developers build more secure software. Security modeling, modeling of e.g. threats and vulnerabilities, is one such method that, when integrated in the software development process, can help developers prevent security problems in software. We discuss these issues, and present how modeling tools, vulnerability repositories and development tools can be connected to provide support for secure software development.



	author = {Shanai Ardi and David Byers and Per Håkon Meland and Inger Anne Tødel and Nahid Shahmehri},
	title = {How can the developer benefit from security modeling?},
	booktitle = {Proceedings of First International Workshop on Secure Software Engineering, Vienna, Austria (10th--13th April 2007)},
	year = {2007},
	pages = {1017--1025},
	url = {}