Software Quality Assurance and Security. Longe Oluwafunmilola Aderannibi. Department of Computer Science. Adeleke University Ede,

Similar documents
Instructional Design Tips for Virtually Teaching Practical SkillsPeter Fenrich British Columbia Institute of Technology, Burnaby, Canada

Module 2. Software Life Cycle Model. Version 2 CSE IIT, Kharagpur

Software Engineering Compiled By: Roshani Ghimire Page 1

Five Steps to Optimizing an ecommerce Site for Search Engines

A Guide to Carrying Out a SWOT Analysis Introduction

WHAT IS APPLICATION LIFECYCLE MANAGEMENT?

Software Application Control and SDLC

Advantages and Disadvantages of Quantitative and Qualitative Information Risk Approaches

A VERITAS PERSPECTIVE: Maximize Agility, Minimize Risk In The Multi-Vendor Hybrid Cloud

ENTERPRISE RISK MANAGEMENT POLICY

CHAPTER 1 ANALYZING BUSINESS GOAL & CONSTRAINTS

Data Management Value Proposition

THE HUMAN COMPONENT OF CYBER SECURITY

Shaun Murphy's Guide To Better Greyhound Punting

Security Defense Strategy Basics

Remarks for Admiral David Simpson WTA Advocates for Rural Broadband Spring Meeting Cybersecurity Panel

Designing and Developing Performance Measurement Software Solution

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT

PROCESS OF MOVING FROM WATERFALL TO AGILE PROJECT MANAGEMENT MODEL

Kunal Jamsutkar 1, Viki Patil 2, P. M. Chawan 3 (Department of Computer Science, VJTI, MUMBAI, INDIA)

Ignite Visibility Consulting. How to Blog. Prepared by John Lincoln. Copyright 2013 Ignite Visibility Page 1

Key Components of a Risk-Based Security Plan

Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes

Application Security in the Software Development Lifecycle

SecSDM: A Model for Integrating Security into the Software Development Life Cycle

THE BUSINESS VALUE OF SOFTWARE QUALITY

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division

Involve-Project Manager

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Making the business case for C4RISK databasebased Operational Risk Management software

ISO/IEC Safeguarding Personal Information in the Cloud. Whitepaper

MANAGING THE SYSTEMS DEVELOPMENT LIFE CYCLE

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

The Business Case Migration to Windows Server 2012 R2 with Lenovo Servers

STANDARD. Risk Assessment. Supply Chain Risk Management: A Compilation of Best Practices

Using Leading Indicators to Drive Sustainability Performance. Responding to changing circumstances and improving future performance

Aligning Disaster Recovery and Business Continuity to Business Objectives. Session E7 John Jackson Fusion Risk Management, Inc.

Cisco Virtual Desktop Infrastructure Strategy Service

PhD in Information Studies Goals

IBM index reveals key indicators of business continuity exposure and maturity

Internet File Management & HIPAA A Practical Approach towards Responding to the Privacy Regulation of the Act

Criminal Justice Evaluation Framework (CJEF): Conducting effective outcome evaluations

EVERYTHING YOU NEED TO KNOW ABOUT MANAGING YOUR DATA SCIENCE TALENT. The Booz Allen Data Science Talent Management Model

Nine Steps to Smart Security for Small Businesses

ISO, CMMI and PMBOK Risk Management: a Comparative Analysis

EIGHT QUALITY MANAGEMENT PRINCIPLES

11/23/2011. PPC Search Advertising. There are Two Key Parts to any Search Engine Marketing Strategy. 1. Search Engine Optimisation (SEO)

Disaster Prevention and Recovery for School System Technology

NIST Special Publication (SP) , Revision 2, Security Considerations in the System Development Life Cycle

Accelerate Your Enterprise Private Cloud Initiative

Chapter-1 : Introduction 1 CHAPTER - 1. Introduction

Process Consultation Revisited Building the Helping Relationship

Ensuring security the last barrier to Cloud adoption

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem

Risk Management Framework for IT-Centric Micro and Small Companies

Packet Sniffing on Layer 2 Switched Local Area Networks

Speech Analytics: Best Practices for Analytics- Enabled Quality Assurance. Author: DMG Consulting LLC

Change Management in an Engineering Organization (A Case Study)

Evaluating Teaching Innovation

Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

Cloud Sure - Virtual Machines

Chapter 6 Marketing services

(voľný riadok písmo Arial 12) ENTERPRISE RISK MANAGEMENT AND THE INFORMATION SECURITY

Software Testing Certifications

Chapter 5 Use the technological Tools for accessing Information 5.1 Overview of Databases are organized collections of information.

Marketing For Small Business. How Marketing Can Bring In More Customers And Boost Your Profits

How leadership must change to meet the future*

The Influence of Software Vulnerabilities on Business Risks 1

Module 6 Essentials of Enterprise Architecture Tools

Marketing For Chiropractors. How Marketing Can Bring In More Clients And Boost Your Profits

The Model of Human Resource Development System s Evaluation

CONTENT STORE SURVIVAL GUIDE

Measurement Information Model

Change Management. Why Change Management? CHAPTER

Capturing the New Frontier:

Data Quality Assessment. Approach

Software Security Engineering: A Key Discipline for Project Managers

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Transcription:

1806 Software Quality Assurance and Security Longe Oluwafunmilola Aderannibi Department of Computer Science Adeleke University Ede, State of Osun, Nigeria. longefunmilola@gmail.com ABSTRACT This paper focuses on the development of a quality assured software, it shows the importance of software reviews in the software development process and also how indispensable security is to software development; any software with no security is vulnerable. Therefore, this paper recommends that software should be developed in a very well defined way; using strict sequence of methodological steps, in a formal and systematic way. It should be noted that quality is the responsibility of a product and security is a part of the totality of quality of a system. KEYWORDS: Computer Software development, Software Quality Assurance, Security INTRODUCTION Computer Software is the product that software professionals build and then support over the long term; this confirms the fact that software development is an endless process (Dr. Jimoh R.G Computer Science Department, University of Ilorin, Nigeria). It encompasses programs that executes within a computer of any size and architecture, content that is presented as a computer programs, execute, and descriptive information in both hardcopy and virtual forms that encompasses virtually any electronic media. Software development entails a process, a collection of methods (practice) and an array of tools that allows software engineers to build high quality computer software. Quality has been defined as: The totality of features and characteristics of a product or 2015

1807 service that bear on its ability to satisfy stated or implied needs. Assurance on the other hand refers to as having SOFTWARE DEVELOPMENT An Engineering Task to Building Software a level of confidence. Software development can also mean the Security is defined by the American Heritage application of a systematic, disciplined, Dictionary in their on-line database as: 1) Freedom from risk or danger; safety; 2) quantifiable approach to the development, operation, and maintenance of software; i.e. the Freedom from doubt, anxiety, or fear; application of engineering to software. This confidence; 3) Something that gives or assures safety, Therefore, in this sense, Software Quality Assurance (SQA) is the level of confidence that software functions as intended and is free of make software development to be a layered technology, any engineering approach must rest on an organizational commitment to quality and total quality management in which security plays a vital role. vulnerabilities, either intentionally or In the discussion on software development, the unintentionally designed or inserted as part of importance of the Software Development Life the software throughout the life cycle; coupled Cycle (SDLC) cannot be overemphasized. It is a with the security advantage that serves as a great determinant to the success and quality component of quality. It is necessary to select and follow a formal practice for software development is to provide desired discipline to deliver the quality expected for business success and avoiding the wastage of time, squander productivity, demoralization in developers, etc. This paper summarizes the need for adopting assurance of computer software. The software development is successful; when it meets the needs of the people who use it, when it performs flawlessly over a long period of time, when it easy to modify and even easier to use, It can and does change things for the better. But software fails; when its users are dissatisfied, when it is systematic formal software development error prone, when it is difficult to change and methodology standard together with some security tips to be used during the process of software development. even harder to use, Bad things can and do happen. It is good to build software that makes things better, avoiding the bad things that lurk in the shadow of failed effort. To succeed, 2015

1808 discipline is needed when the software is Systematic Review approach on designed and build, an engineering approach is Software development needed. It would be impossible for anyone to keep up with all the developments in Application of Standard in the Software Development for Software even quite a narrow sense but a Quality Assurance In the past, the methods and principle of design software is informal, and kind of traditional. Years back, definitions are left for intuitions, and there are many lapses, this make the systematic review can summarise the best-available evidence and produce a conclusion to help developers make the right choice of designing very well defined software with quality assurance. software development not to be formal. Systematic reviews also exclude poorquality trials from their analyses This was more obvious at the point in which the guaranteeing that any research that has development of software increases with been analyzed is of a high quality. complexities and ambiguity, informalities shows It helps to draw up guidelines for a to be the major reason of failures. To enhance developing a standard software software standard, systematic review approach It help to prevent duplication of effort could be used. and avoid wasting resources on Systematic reviews sometimes use a technique searching for standards where the called meta-analysis to pool together results from a number of different trials, i.e. works done by other software developers in other to make a compare and contrast. Systematic review is a step further to a normal review. It is a guideline to the development of standard and quality assured software where intuition is not really needed. evidence is already clear Much of what goes into security is not difficult, but does require discipline and vigilance. Maintaining quality of any type requires the same discipline. Putting procedures into place to support the quality and security of technology implementations builds this vigilance into the overall work structure. 2015

1809 SECURITY TIPS Maintaining Software Quality Assurance in Secure Coding Software Development In other to enhance the quality assurance of Integrating Security into the Software software, security is very paramount, and Development Life Cycle security has to be put into consideration along Key Practices for Mitigating the Most side with the software development processes. Egregious Exploitable Software Weaknesses The following steps are to be put in place. Risk-based Software Security Testing Preparing to Write Secure Code Requirements and Analysis for Secure Software Architecture and Design Considerations for Secure Software Secure Coding and Software Construction Secure Coding Principles Secure Coding Practices Secure Memory and Cache Management Secure Error and Exception Handling Software engineers, Quality assurance and Security Considerations for Technologies, Methodologies & Languages Security engineers can form a cooperative alliance to come up with a standard innovation Software Security Test Techniques on Software development to support business throughout SDLC strategy. With security and quality as part of the way a company does business, a core attention can be spent on profitably meeting the customers needs and expectations. FIG 1: Software Security Test Techniques Throughout SDLC 2015

1810 CONCLUSION The conclusion of this paper in a nut shell can be stated that software development needs to be developed with qualitatively with the mind of producing high quality software products with security. It should be noted that building software without accounting for security is no longer an acceptable risk. Security is a form of quality assurance at its basic level. A security exposure in any form is a quality assurance issue. Labbate,Evelyn.(March30,2001). Vulne rability as a Function of Software Quality.SANS Institute.URL SANS Security Essentials. (May 2001). Training, Book. Sinha,Madhav N. (2000). Saving the Internet Survivors. Quality Progress,Vol. 34, Issue 6.URL Secure and resilient software, requirements, test cases, and testing methods (2011). Merkow, M. S., & Raghavan, L., Auerbach Publishers. REFERENCES Bernstein, Peter L. (November, 1998). Are Networks Driving the New Economy? Harvard Business Review. Kevin Hyde, David Wilson (2004), Intangible benefits of CMM-based software process improvement, University of Technology, Sydney, PO Box 123, Ultimo 2007, Australia Liberati, A Meta Analysis: Statistical Alchemy for the 21st Century, Discussion. A plea for a more balanced view of overview. 2015

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information