
        Supporting and automating the security assessment of software products using tools

        File
        thesis.pdf (1.055Mb)
        Publication date
        2014
        Author
        Savvidis, N.
        Summary
        IT security incidents are increasingly frequent, increasingly costly and increasingly difficult to prevent. To raise the level of software security, international standards such as ISO/IEC 25010 have been developed to address security as an aspect of software quality. This standard provides a powerful framework for analysing software quality characteristics, one of which is security. Software Improvement Group (SIG) has proposed a security product quality model that operationalises ISO/IEC 25010. Our work started with studying and analysing this security model. The goal was to propose tools that could enhance and support the process of applying the model, since tool support for this is currently minimal and most of the work is done manually. We broke the process of applying the security model down into steps and identified the steps that could benefit from tool support. We then searched for existing tools that fit our purposes and looked for ways to measure their effectiveness. Our research did not yield a suitable tool for one of the steps of applying the SIG security model, so we designed and implemented one. We used an internal application of SIG as ground truth during tool development and then tested the tool on two real-life SIG projects. The tests were performed by experienced technical consultants of the company, and we used the results and their feedback to evaluate the applicability and usefulness of our tool.
        URI
        https://studenttheses.uu.nl/handle/20.500.12932/16372
        Collections
        • Theses