The transfer of cybersecurity domain knowledge from security experts ('ethical hackers') to software engineers is discussed in terms of desirability and feasibility. Possible mechanisms for the transfer are critically examined. Software engineering methodologies do not make use of security domain knowledge in the form of vulnerability databases (e.g. CWE, CVE, Exploit DB), which are therefore not appropriate for this purpose. An approach based upon the improved use of pattern languages that encompasses security domain knowledge is proposed.
Title of host publication: Engineering secure software and systems
Subtitle of host publication: 9th International symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017: proceedings
Editors: Eric Bodden, Mathias Payer, Elias Athanasopoulos
Place of publication: Chambray
Number of pages: 10
Publication status: Published - 5 Jul 2017
Event: 9th International Symposium on Engineering Secure Software and Systems - University of Bonn, Bonn, Germany
Duration: 3 Jul 2017 - 5 Jul 2017
Series name: Lecture Notes in Computer Science
Conference: 9th International Symposium on Engineering Secure Software and Systems
Abbreviated title: ESSoS 2017
Period: 3 Jul 2017 - 5 Jul 2017
Title: Idea-caution before exploitation: the use of cybersecurity domain knowledge to educate software engineers against software vulnerabilities