Idea-caution before exploitation: the use of cybersecurity domain knowledge to educate software engineers against software vulnerabilities

Research output: Chapter in Book/Report/Conference proceedingConference contribution

201 Downloads (Pure)

Abstract

The transfer of cybersecurity domain knowledge from security experts (‘Ethical Hackers’) to software engineers is discussed in terms of desirability and feasibility. Possible mechanisms for the transfer are critically examined. Software engineering methodologies do not make use of security domain knowledge in its form of vulnerability databases (e.g. CWE, CVE, Exploit DB), which are therefore not appropriate for this purpose. An approach based upon the improved use of pattern languages that encompasses security domain knowledge is proposed.
Original languageEnglish
Title of host publicationEngineering secure software and systems
Subtitle of host publication9th Internatinal symposium, ESSoS 2017 Bonn, Germany, July 3-5, 2017: proceedings
EditorsEric Bodden, Mathias Paye, Elias Athanasopoulos
Place of PublicationChambray
PublisherSpringer
Pages133-142
Number of pages10
Edition1
ISBN (Electronic)9783319621050
ISBN (Print)9783319621043
DOIs
Publication statusPublished - 5 Jul 2017
Event9th International Symposium on Engineering Secure Software and Systems - University of Bonn, Bonn, Germany
Duration: 3 Jul 20175 Jul 2017

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume10379
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference9th International Symposium on Engineering Secure Software and Systems
Abbreviated titleESSoS 2017
CountryGermany
CityBonn
Period3/07/175/07/17

Fingerprint Dive into the research topics of 'Idea-caution before exploitation: the use of cybersecurity domain knowledge to educate software engineers against software vulnerabilities'. Together they form a unique fingerprint.

  • Cite this

    Nafees, T., Coull, N., Ferguson, R. I., & Sampson, A. (2017). Idea-caution before exploitation: the use of cybersecurity domain knowledge to educate software engineers against software vulnerabilities. In E. Bodden, M. Paye, & E. Athanasopoulos (Eds.), Engineering secure software and systems: 9th Internatinal symposium, ESSoS 2017 Bonn, Germany, July 3-5, 2017: proceedings (1 ed., pp. 133-142). (Lecture Notes in Computer Science; Vol. 10379). Springer. https://doi.org/10.1007/978-3-319-62105-0_9