Agile development methodologies are gaining acceptance in the software industry. If they are to be used for constructing securitycritical solutions, what do we do about assurance?...
—In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements sinc...
Quantitative data about security threats is a precondition for a precise assessment of security risks and consequently for an efficient management of information security. Curren...
Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on s...
Vadim Okun, William F. Guthrie, Romain Gaucher, Pa...
Cloud security issues have recently gained traction in the research community, with much of the focus primarily concentrated on securing the operating systems and virtual machines...
Wenchao Zhou, Micah Sherr, William R. Marczak, Zhu...