Research Article

Article:A Strategic Approach for Risk Analysis of Production Software Systems

by Sumithra A, Ramaraj E, Sree Ram Kumar T
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 10 - Number 2
Year of Publication: 2010
DOI: 10.5120/1453-1964

Sumithra A, Ramaraj E, Sree Ram Kumar T. Article: A Strategic Approach for Risk Analysis of Production Software Systems. International Journal of Computer Applications. 10, 2 (November 2010), 23-30. DOI=10.5120/1453-1964

@article{ 10.5120/1453-1964,
author = { Sumithra A, Ramaraj E, Sree Ram Kumar T },
title = { Article:A Strategic Approach for Risk Analysis of Production Software Systems },
journal = { International Journal of Computer Applications },
issue_date = { November 2010 },
volume = { 10 },
number = { 2 },
month = { November },
year = { 2010 },
issn = { 0975-8887 },
pages = { 23-30 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume10/number2/1453-1964/ },
doi = { 10.5120/1453-1964 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Defects in production software can inflict heavy damage on a business operation, yet most current approaches to software security assessment focus primarily on new code development. This paper introduces a strategic approach for reducing operational security risk. The familiar top-down structured development process used by internal development groups is totally inappropriate for risk analysis of production software systems, and the cost of finding and fixing a bug in a production system is generally regarded as too high. There is therefore an imperative need for approaches tailored specifically to production software systems, which is what is attempted here.

Index Terms

Computer Science
Information Sciences

Keywords

Risk, Production Software System, Security Risk, Vulnerability, Software Components