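% Conference paper record: Ezenwoye and Liu, ACMSE 2022 (ACM Southeast Conference), pages 91--98.
% The citation key is kept exactly as exported so existing \cite commands still resolve.
% Author names use the unambiguous "Last, First" form.
% The export carried the full proceedings title in a separate "series" field, which is not a
% series name and makes common styles print the proceedings title twice. It is folded into
% booktitle here (the old booktitle was a prefix of it), with acronyms brace-protected.
% The note, day and language fields are kept as exported; the note repeats the copyright and
% conference dates and is printed by most styles.
@inproceedings{3f2997da0c874ee39e899ff9013f628c,
  author    = {Ezenwoye, Onyeka and Liu, Yi},
  title     = {Integrating vulnerability risk into the software process},
  booktitle = {Proceedings of the 2022 {ACMSE} Conference - {ACMSE} 2022: The Annual {ACM} Southeast Conference},
  publisher = {Association for Computing Machinery, Inc},
  pages     = {91--98},
  year      = {2022},
  month     = apr,
  day       = {18},
  doi       = {10.1145/3476883.3520217},
  language  = {English (US)},
  keywords  = {software lifecycle, software vulnerability, threat modeling},
  abstract  = {Software developers often focus on the functional aspects of software and defer consideration of security vulnerabilities until late in the development process. Consequently, vulnerabilities plague contemporary software. This work presents an approach that leverages contemporary vulnerability data in determining risk for the type of software. A novel process model is used to infuse vulnerability risk into the specification, design and implementation phases of the software process. This approach brings security concerns to the forefront of the entire process. A case study demonstrates mitigation actions for specific weaknesses in each phase of development.},
  note      = {Publisher Copyright: {\textcopyright} 2022 ACM.; 2022 ACM Southeast Conference, ACMSE 2022 ; Conference date: 18-04-2022 Through 20-04-2022},
}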