Queen's University - Utility Bar

QSpace at Queen's University >
Graduate Theses, Dissertations and Projects >
Queen's Graduate Theses and Dissertations >

Please use this identifier to cite or link to this item: http://hdl.handle.net/1974/7625

Title: Orthogonal Security Defect Classification for Secure Software Development
Authors: Hunny, UMME

Files in This Item:

File Description SizeFormat
Hunny_Umme_201210_MSc.pdf10.83 MBAdobe PDFView/Open
Keywords: Security defect classification
Software security
Issue Date: 31-Oct-2012
Series/Report no.: Canadian theses
Abstract: Security defects or vulnerabilities are inescapable in software development. Thus, it is always better to address security issues during the software development phases, rather than developing patches after the security threats are already in place. In line with this, a number of secure software development approaches have been proposed so far to address the security issues during the development processes. However, most of these approaches lack specific process improvement activities. The practice of taking adequate corrective measures at the earliest possible time by learning from the past mistakes is absent in case of such security-aware iterative software development processes. As one might imagine, software security defect data provide an invaluable source of information for a software development team. This thesis aims at investigating existing security defect classification schemes and providing a structured security-specific defect classification and analysis methodology. Our methodology which we build on top of the Orthogonal Defect Classification (ODC) scheme, is customized to generate in-process feedback by analyzing security defect data. More specifically, we perform a detailed analysis on the classified security defect data and obtain in-process feedback using which the next version of software can be more secure and reliable. We experiment our methodology on the Mozilla Firefox and Chrome security defect repositories using six consecutive versions and milestones, respectively. We find that the in-process feedback generated by applying this methodology can help take corrective actions as early as possible in iterative secure software development processes. Finally, we study the correlations between software security defect types and the phases of software development life-cycle to understand development improvement by complementing the previous ODC scheme.
Description: Thesis (Master, Computing) -- Queen's University, 2012-10-30 15:47:34.47
URI: http://hdl.handle.net/1974/7625
Appears in Collections:Queen's Graduate Theses and Dissertations
School of Computing Graduate Theses

Items in QSpace are protected by copyright, with all rights reserved, unless otherwise indicated.


  DSpace Software Copyright © 2002-2008  The DSpace Foundation - TOP