dc.contributor.author | Sassoon, Richard | |
dc.contributor.author | Jaatun, Martin Gilje | |
dc.contributor.author | Jensen, Jostein | |
dc.date.accessioned | 2017-07-10T10:36:37Z | |
dc.date.available | 2017-07-10T10:36:37Z | |
dc.date.created | 2010-09-01T12:08:53Z | |
dc.date.issued | 2010 | |
dc.identifier.citation | The road to Hell is paved with good intentions: A story of (in)secure software development. I: Proceedings of the Fifth International Conference on Avaliability, Reliability and Security: ARES 2010. IEEE 2010 ISBN 9780769539652. s. 501-506 | nb_NO |
dc.identifier.isbn | 9780769539652 | |
dc.identifier.uri | http://hdl.handle.net/11250/2448303 | |
dc.description.abstract | In this paper, we present the results of a security assessment performed on a home care system based on SOA, realized as web services. The security design concepts of this platform were specifically tailored to meet new security challenges and to be compliant with legal frameworks applicable to the healthcare domain. This security design was fed as input to the development team,which implemented the system. However, our assessment revealed a software platform with severe security weaknesses and vulnerabilities, demonstrating pitfalls that are, or should be, well known.Our experience re-confirms that security must be built as an intrinsic software property and emphasizes the need for security awareness throughout the whole software development lifecycle. | nb_NO |
dc.language.iso | eng | nb_NO |
dc.publisher | IEEE | nb_NO |
dc.relation.ispartof | Proceedings of the Fifth International Conference on Avaliability, Reliability and Security: ARES 2010 | |
dc.title | The road to Hell is paved with good intentions: A story of (in)secure software development | nb_NO |
dc.type | Chapter | nb_NO |
dc.description.version | acceptedVersion | nb_NO |
dc.source.pagenumber | 501-506 | nb_NO |
dc.identifier.doi | 10.1109/ARES.2010.44 | |
dc.identifier.cristin | 40972 | |
dc.description.localcode | © 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works | nb_NO |
cristin.unitcode | 194,63,10,0 | |
cristin.unitname | Institutt for datateknikk og informasjonsvitenskap | |
cristin.ispublished | true | |
cristin.fulltext | postprint | |
cristin.qualitycode | 1 | |