dc.contributor.advisor | Costin, Andrei | |
dc.contributor.author | Muranen, Markus | |
dc.date.accessioned | 2019-11-06T06:55:50Z | |
dc.date.available | 2019-11-06T06:55:50Z | |
dc.date.issued | 2019 | |
dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/66197 | |
dc.description.abstract | Use of third-party software packages has become increasingly popular in software projects. Reusing source code via packages can help developers focus on writing the parts of the software that are unique to their application and rely on third-party source code to solve common problems that have already been solved by others.
However, the use of packages does not come without risks. By introducing a dependency on someone else’s code, members of software project teams should recognize and be aware of the security implications and risks associated with such decisions. Usually such decisions are opaque and made on an ad-hoc basis by individuals taking part in the software project.
This thesis aims to introduce a set of principles for managing and remediating security problems associated with software packages. The principles are tied to a software development lifecycle and processes by introducing various steps that can be incorporated as a software package management process and workflow into existing and new software projects. | en |
dc.format.extent | 68 | |
dc.format.mimetype | application/pdf | |
dc.language.iso | en | |
dc.rights | In Copyright | en |
dc.subject.other | secure package management | |
dc.subject.other | package management | |
dc.subject.other | software packages | |
dc.subject.other | SDLC | |
dc.subject.other | DevOps | |
dc.subject.other | DevSecOps | |
dc.title | Security principles for package management as part of software development lifecycle and processes | |
dc.type | master thesis | |
dc.identifier.urn | URN:NBN:fi:jyu-201911064741 | |
dc.type.ontasot | Pro gradu -tutkielma | fi |
dc.type.ontasot | Master’s thesis | en |
dc.contributor.tiedekunta | Informaatioteknologian tiedekunta | fi |
dc.contributor.tiedekunta | Faculty of Information Technology | en |
dc.contributor.laitos | Informaatioteknologia | fi |
dc.contributor.laitos | Information Technology | en |
dc.contributor.yliopisto | Jyväskylän yliopisto | fi |
dc.contributor.yliopisto | University of Jyväskylä | en |
dc.contributor.oppiaine | Tietojenkäsittelytiede | fi |
dc.contributor.oppiaine | Computer Science | en |
dc.type.coar | http://purl.org/coar/resource_type/c_bdcc | |
dc.type.publication | masterThesis | |
dc.contributor.oppiainekoodi | 601 | |
dc.subject.yso | tietokoneohjelmat | |
dc.subject.yso | kyberturvallisuus | |
dc.subject.yso | ohjelmistokehitys | |
dc.subject.yso | computer programmes | |
dc.subject.yso | cyber security | |
dc.subject.yso | software development | |
dc.format.content | fulltext | |
dc.rights.url | https://rightsstatements.org/page/InC/1.0/ | |
dc.rights.accessrights | Tekijä ei ole antanut lupaa avoimeen julkaisuun, joten aineisto on luettavissa vain Jyväskylän yliopiston kirjaston arkistotyösemalta. Ks. https://kirjasto.jyu.fi/fi/tyoskentelytilat/laitteet-ja-tilat.. | fi |
dc.rights.accessrights | The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival workstation at Jyväskylä University Library (https://kirjasto.jyu.fi/en/workspaces/facilities). | en |
dc.type.okm | G2 | |