Decision support for managing security complexity in software development




Church, Derek Kenneth

Journal Title

Journal ISSN

Volume Title



Security in software applications is a growing concern. This is evidenced by the increasing number of media articles, which detail money lost and the invasion of privacy that occurs, when the security vulnerabilities of a software application are exploited. As a new and rapidly evolving field, the issue of security in software is still an open area of research. The most common methods consist either of A) a reactive survey where subjective determination is made of the level of security present in the software or B) an attempt to integrate security issues into the software development process. The least costly and arguably more effective approach is the latter. However, current approaches rely heavily on the presence of experts in the domain of security to both identify and resolve the issues. Such experts are not always available for each software development project, creating a problem for a project team needing to inject security into their process. This thesis represents an approach for realizing the construction of a decision-support tool for injecting security into an existing process model. Current literature involving security is examined, and the information gleaned is used to construct a security ontology using grounded theory. A framework is then created that maps into existing software process models and the framework loaded with information from the ontology. A practical analysis using the framework is done by examining the TAPAS project in order to revise the tool, with the goal of increasing usability. This analysis is also used to determine if the tool can identify areas of opportunity with regard to security in the TAPAS project.



software, development, computer security