Security principles for package management as part of software development lifecycle and processes
Authors
Date
2019Access restrictions
The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival workstation at Jyväskylä University Library (https://kirjasto.jyu.fi/en/workspaces/facilities).
Copyright
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Use of third-party software packages has become increasingly popular in software projects. Reusing source code via packages can help developers focus on
writing the parts of the software that are unique to their application and relying
on third-party source code to solve common problems that have already been
solved by others.
However, the use of packages does not come without risks. By introducing
a dependency on someone else’s code, members of software project teams
should recognize and be aware of security implications and risks associated
with such decisions. Usually such decisions are opaque and made on ad-hoc
basis by individuals taking part in the software project.
This thesis aims to introduce a set of principles for managing and remediating security problems associated with software packages. The principles are
tied to a software development lifecycle and processes by introducing various
steps that can be incorporated as software package management process and
workflow to existing and new software projects.
...
Keywords
Metadata
Show full item recordCollections
- Pro gradu -tutkielmat [29367]
Related items
Showing items with similar title or keywords.
-
The Place and Role of Security Patterns in Software Development Process
Mazhelis, Oleksiy; Naumenko, Anton (Insticc press, 2006)Security is one of the key quality attributes for many contemporary software products. Designing, developing, and maintaining such software necessitates the use of a secure-software development process which specifies how ... -
Secure software design and development : towards practical models for implementing information security into the requirements engineering process
Väyrynen, Aino-Maria; Räisänen, Elina (2020)Vaatimusmäärittelyprosessin tavoitteena on kerätä ja jalostaa ratkaisuiksi tuotteen tai palvelun sidosryhmiksi tunnistettujen osapuolten ajatuksia ja tarpeita. Näiden ratkaisujen avulla poistetaan asiakkaan liiketoiminnassa ... -
Software patterns, organizational learning and software process improvement
Ahlgren, Riikka (University of Jyväskylä, 2011) -
Introducing Traceability in GitHub for Medical Software Development
Stirbu, Vlad; Mikkonen, Tommi (Springer International Publishing, 2021)Assuring traceability from requirements to implementation is a key element when developing safety critical software systems. Traditionally, this traceability is ensured by a waterfall-like process, where phases follow each ... -
Hypotheses engineering : first essential steps of experiment-driven software development
Melegati, Jorge; Wang, Xiaofeng; Abrahamsson, Pekka (IEEE, 2019)Recent studies have proposed the use of experiments to guide software development in order to build features that the user really wants. Some authors argue that this approach represents a new way to develop software that ...