Electrotechnical and Computer Engineering
Vol. 36 No. 03 (2021): Proceedings of the Faculty of Technical Sciences
EXTENSION OF AN AUTOMATIC THREATS DETECTION TOOL WITH CWE KNOWLEDGE BASE AND ITS USE IN THE DEVELOPMENT OF SECURE SOFTWARE
Abstract
This paper presents a support tool for the SDL process and guidelines for its integration into the development process of secure software.