Integrating vulnerability risk into the software process

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


Software developers often focus on the functional aspects of software and defer consideration of security vulnerabilities until late in the development process. Consequently, vulnerabilities plague contemporary software. This work presents an approach that leverages contemporary vulnerability data in determining risk for the type of software. A novel process model is used to infuse vulnerability risk into the specification, design and implementation phases of the software process. This approach brings security concerns to the forefront of the entire process. A case study demonstrates mitigation actions for specific weaknesses in each phase of development.

Original language: English (US)
Title of host publication: Proceedings of the 2022 ACMSE Conference - ACMSE 2022
Subtitle of host publication: The Annual ACM Southeast Conference
Publisher: Association for Computing Machinery, Inc
Number of pages: 8
ISBN (Electronic): 9781450386975
State: Published - Apr 18 2022
Event: 2022 ACM Southeast Conference, ACMSE 2022 - Virtual, Online, United States
Duration: Apr 18 2022 → Apr 20 2022

Publication series

Name: Proceedings of the 2022 ACMSE Conference - ACMSE 2022: The Annual ACM Southeast Conference


Conference: 2022 ACM Southeast Conference, ACMSE 2022
Country/Territory: United States
City: Virtual, Online


  • software lifecycle
  • software vulnerability
  • threat modeling

ASJC Scopus subject areas

  • Computer Graphics and Computer-Aided Design
  • Computer Science Applications
  • Hardware and Architecture
  • Software

