Abstract
In recent years computer software has gained notoriety for the endemic nature of security problems in software. These problems have been exploited with malicious intent by attackers. Most attempts at fixing these problems have been after-the-fact fixes in the form of software patches. The root causes for security problems in software are explored. A survey of research attempts at engineering secure software is presented. The techniques discussed range from those that are very similar to classical software engineering, to those that may be used in analyses of security requirements, as well as tools that can help engineer secure software. The survey classifies the approaches as process-oriented and as tools-oriented. The current approaches are incomplete in nature. They seem to address the security problem in parts and not in the whole. A comprehensive methodology, integrated with evolutionary software engineering practices is presented. The methodology combines both process and tools oriented approaches to construct secure software.
Jetly, Prateek (2001). Engineering secure software. Master's thesis, Texas A&M University. Available electronically from
https : / /hdl .handle .net /1969 .1 /ETD -TAMU -2001 -THESIS -J47.