Secure Software Development in the Era of Fluid Multi-party Open Software and Services

Ivan Pashchenko, Riccardo Scandariato, Antonino Sabetta, Fabio Massacci

Research output: Chapter in Book / Report / Conference proceeding > Conference contribution > Academic > peer-review

Abstract

Pushed by market forces, software development has become fast-paced. As a consequence, modern development projects are assembled from third-party components. Security and privacy assurance techniques, once designed for large, controlled updates over months or years, must now cope with small, continuous changes taking place within a week, happening in sub-components controlled by third-party developers whose existence one might not even be aware of. In this paper, we aim to provide an overview of current software security approaches and to evaluate their appropriateness in the face of the changed nature of software development. Software security assurance could benefit from switching from a process-based to an artefact-based approach. Further, security evaluation might need to become more incremental, automated and decentralized. We believe this can be achieved by supporting mechanisms for lightweight and scalable screenings that are applicable to the entire population of software components, although there might be a price to pay.

Original language: English
Title of host publication: 2021 ACM/IEEE 43rd International Conference on Software Engineering
Subtitle of host publication: New Ideas and Emerging Results, ICSE-NIER 2021
Publisher: IEEE Computer Society
Pages: 91-95
Number of pages: 5
ISBN (Electronic): 9780738133249
ISBN (Print): 9781665401401
DOIs
Publication status: Published - 7 May 2021
Event: 43rd ACM/IEEE International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2021 - Virtual, Online, Spain
Duration: 25 May 2021 - 28 May 2021

Publication series

Name: Proceedings - International Conference on Software Engineering
Publisher: IEEE
ISSN (Print): 0270-5257

Conference

Conference: 43rd ACM/IEEE International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2021
Country/Territory: Spain
City: Virtual, Online
Period: 25/05/21 - 28/05/21

Bibliographical note

Funding Information:
ACKNOWLEDGEMENTS. We thank the anonymous reviewers and, in particular, Andy Meneely for their insightful comments. The graphical abstract is an artwork by Anna Formilan http://annaformilan.com. This work was partially supported by EU-funded project AssureMOSS (grant no. 952647).

Publisher Copyright:
© 2021 IEEE.

Funders (funder number):
Horizon 2020 Framework Programme (952647)
European Commission

Keywords

• open source software
• software security
• vision
