caa a22 4500 605495645 CHVBK 20210128100532.0 cr unu---uuuuu 210128e20150301xx s 000 0 eng 10.1007/s11219-013-9223-1 doi (NATIONALLICENCE)springer-10.1007/s11219-013-9223-1 Security quality model: an extension of Dromey's model [Elektronische Daten] [Saad Zafar, Misbah Mehboob, Asma Naveed, Bushra Malik] The quantity of sensitive data that is stored, processed and transmitted has increased many folds in recent years. With this dramatic increase, comes the need to ensure that the data remain trustworthy, confidential and available at all times. Nonetheless, the recent spate of high-profile security incidents shows that software-based systems remain vulnerable due to the presence of serious security defects. Therefore, there is a clear need to improve the current state of software development to guide the development of more secure software. To this end, we propose a security quality model that provides a framework to identify known security defects, their fixes, the underlying low-level software components along with the properties that positively influence the overall security of the product. The proposed model is based on Dromey's quality model that addresses the core issue of quality by providing explicit guidelines on how to build quality into a product. Furthermore, to incorporate security, we have introduced several new model components and model construction guidelines as Dromey's model does not address security explicitly and the model construction guidelines are not specific enough. We use well-known defects and security controls to construct the model as a proof of concept. The constructed model can be used by the programmers during development and can also be used by the quality engineers for audit purposes. We also propose an automated environment in which the model can be used in practice. Springer Science+Business Media New York, 2013 Security quality model nationallicence Security nationallicence Software defects nationallicence Application security nationallicence Dromey's quality model nationallicence Security engineering nationallicence Zafar Saad Faculty of Computing, Riphah International University, Islamabad, Pakistan aut Mehboob Misbah International Islamic University, Islamabad, Pakistan aut Naveed Asma Foundation University College of Liberal Arts and Science, Islamabad, Pakistan aut Malik Bushra Faculty of Computing, Riphah International University, Islamabad, Pakistan aut Software Quality Journal Springer US; http://www.springer-ny.com 23/1(2015-03-01), 29-54 0963-9314 23:1<29 2015 23 11219 https://doi.org/10.1007/s11219-013-9223-1 text/html Onlinezugriff via DOI BK010053 XK010053 XK010000 Metadata rights reserved Springer special CC-BY-NC licence nationallicence 1 research-article jats NATIONALLICENCE NATIONALLICENCE NL-springer NATIONALLICENCE 856 40 https://doi.org/10.1007/s11219-013-9223-1 text/html Onlinezugriff via DOI NATIONALLICENCE 700 1- Zafar Saad Faculty of Computing, Riphah International University, Islamabad, Pakistan aut NATIONALLICENCE 700 1- Mehboob Misbah International Islamic University, Islamabad, Pakistan aut NATIONALLICENCE 700 1- Naveed Asma Foundation University College of Liberal Arts and Science, Islamabad, Pakistan aut NATIONALLICENCE 700 1- Malik Bushra Faculty of Computing, Riphah International University, Islamabad, Pakistan aut NATIONALLICENCE 773 0- Software Quality Journal Springer US; http://www.springer-ny.com 23/1(2015-03-01), 29-54 0963-9314 23:1<29 2015 23 11219