• Title/Summary/Keyword: Software product assurance

The Importance of Ethical Hacking Tools and Techniques in Software Development Life Cycle

  • Syed Zain ul Hassan;Saleem Zubair Ahmad
    • International Journal of Computer Science & Network Security / v.23 no.6 / pp.169-175 / 2023
  • Ethical hackers are using different tools and techniques to encounter malicious cyber-attacks generated by bad hackers. During the software development process, development teams typically bypass or ignore the security parameters of the software. Whereas, with the advent of online web-based software, security is an essential part of the software development process for implementing secure software. Security features cannot be added as additional at the end of the software deployment process, but they need to be paid attention throughout the SDLC. In that view, this paper presents a new, Ethical Hacking - Software Development Life Cycle (EH-SDLC) introducing ethical hacking processes and phases to be followed during the SDLC. Adopting these techniques in SDLC ensures that consumers find the end-product safe, secure and stable. Having a team of penetration testers as part of the SDLC process will help you avoid incurring unnecessary costs that come up after the data breach. This research work aims to discuss different operating systems and tools in order to facilitate the secure execution of the penetration tests during SDLC. Thus, it helps to improve the confidentiality, integrity, and availability of the software products.

Architecture Evaluation Utilizing CBAM and AHP (생체인식 소프트웨어의 품질 평가모듈에 관한 연구)

  • Yang, Hae-Sool;Lee, Man-Ho;Yoon, Young-Mi
    • The KIPS Transactions:PartD / v.13D no.5 s.108 / pp.699-708 / 2006
  • The latest biometric field has marched fast with security technology of IT. As the importance of present biometrics is realized, the internal and external biometrics software market is on a soaring trend. Accordingly, the demand for high reliability of biometric software and for high quality software is growing. Evaluation items and criteria must be established for biometric software quality assurance. In this paper, we develop the evaluation module for biometric software testing based on ISO/IEC 12119, which is the standard on software quality requirements and testing, ISO/IEC 9126, which is the standard on evaluation of software products, and ISO/IEC 14598-6, which is the standard on construction of the evaluation module. The constituents of biometric software products (product descriptor, user document, program and data) are subject to the quality evaluation module that we developed in this paper; we can expect improvement in the quality of software by using it with a standard such as ISO/IEC 9126-3 that can be used in the software development process.

Proposal : Improvement of Testing Frontier Capability Assessment Model through Comparing International Standards in Software Product and Software Testing Process Perspective (소프트웨어 제품과 프로세스 관점에서 국제표준과 비교를 통한 테스팅 프론티어 역량평가 모델 개선 방안)

  • Yoon, Hyung-Jin;Choi, Jin-Young
    • KIISE Transactions on Computing Practices / v.21 no.2 / pp.115-120 / 2015
  • The Testing Frontier Capability Assessment Model (TCAM) is based on ISO/IEC 9126, TMMi and TPI. Since ISO/IEC 9126, TMMi and TPI were made over 10 years ago, TCAM faces the problem that it cannot assess and analyze the capability of small businesses that employ new software development methods or processes, for example Agile, TDD (Test Driven Development), App software, and Web Software. In this paper, a method to improve the problem is proposed. The paper is composed of the following sections: 1) ISO/IEC 9126, ISO/IEC 25010 and ISO/IEC/IEEE 29119 part 2 review, 2) TCAM review, 3) software product quality perspective comparison and analysis between ISO/IEC 9126, ISO/IEC 25010 and TCAM, 4) comparison and analysis between ISO/IEC/IEEE 29119 part 2 and TCAM, and 5) proposal for the improvement of TCAM.

The Embedded Software of Development Process & Quality Evaluation Method (임베디드 소프트웨어의 개발 프로세스와 품질평가방법)

  • Yu, Jin Jin;Sool, Yang-Hae
    • Journal of the Korea Society of Computer and Information / v.13 no.6 / pp.95-105 / 2008
  • Recently, the use of embedded software has expanded to different areas. The requirements and demands for embedded software have also been altered. In the past, the embedded system was used for simple tasks and small portable devices, but now the usage of embedded software has expanded to much more complex and precise actions in a variety of platform environments. Embedded software enables multiple pieces of software to be integrated into one and, at the same time, controlled. Currently, the biggest challenges embedded software faces during its development process are the improvement of product production and quality assurance. Our research team has developed an embedded software based on the component (technology or methodology) which improves both production capabilities and quality. Additionally, we also established and constructed a reliability test system which can effectively test the quality of the developed embedded software to further increase its competitiveness.

A Defect Prevention Model based on SW-FMEA (SW-FMEA 기반의 결함 예방 모델)

  • Kim Hyo-Young;Han Hyuk-Soo
    • Journal of KIISE:Software and Applications / v.33 no.7 / pp.605-614 / 2006
  • The success of a software development project can be determined by the use of QCD. And as a software's size and complexity increase, the importance of early quality assurance rises. Therefore, more effort should be given to prevention, as opposed to correction. In order to provide a framework for the prevention of defects, defect detection activities such as peer review and testing, along with analysis of previous defects, are required. This entails a systematization and use of quality data from previous development efforts. FMEA, which is utilized for system safety assurance, can be applied as a means of software defect prevention. SW-FMEA (Software Failure Mode Effect Analysis) attempts to prevent defects by predicting likely defects. Presently, it has been applied to requirement analysis and design. SW-FMEA utilizes measured data from development activities, and can be used for defect prevention on both the development and management sides, for example, in planning, analysis, design, peer reviews, testing, risk management, and so forth. This research discusses related methodology and proposes a defect prevention model based on SW-FMEA. The proposed model is an extended SW-FMEA that focuses on system analysis and design. The model not only supports verification and validation effectively, but is useful for reducing defect detection.

A Study on Quality evaluation Methodology Establishment of Anti-Virus Software based on the Real Test Environment (리얼 테스트 환경 기반의 안티바이러스 소프트웨어의 품질평가 방법론 정립에 관한 연구)

  • Maeng, Doo-Iyel;Park, Jong-Kae;Kim, Sung-Joo
    • The Journal of Korean Institute of Communications and Information Sciences / v.35 no.3B / pp.440-452 / 2010
  • For an evaluation of the software product, the national/international organizations and labs have been studying various methodologies for the quality on the basis of ISO/IEC Quality Assurance System, but they still have many issues in evaluation of the anti-virus software that has special characteristics of complexity. In this paper, to establish a methodology of the quality evaluation for the anti-virus software, fulfilling the requirements more than reasonable level, a process to draw the evaluation items and quantification was established. And the information of weight was objectified by analyzing the relative magnitude between each factors. Based on the defined information (evaluation item, weight), conducting the quality evaluations for 70 kinds of open anti-virus software collected from the portal sites in the real test environment, and as a result of the positive analysis with user's long-term experience, this paper justifies the evaluation item and the weight.

Applying ISO/IEC 25023 to Software Engineering Process in Weapon System for Quality Improvement (무기체계 소프트웨어 품질 개선을 위한 ISO/IEC 25023의 소프트웨어 개발 프로세스 적용 방안)

  • Yoon, Gyeonghwan;Yu, Jiseon
    • Journal of the Korea Academia-Industrial cooperation Society / v.22 no.5 / pp.387-393 / 2021
  • This study aimed to improve the software quality in weapon systems by applying ISO/IEC 25023 to the software engineering process. The software engineering process in weapon systems manages the Software Quality Requirement but has restrictively improved the software quality. Software quality items are already defined and used for software engineering processes in weapon systems, but they are defined inconsistently according to individual software development cases. Thus, the methods of quantifying software quality are different, even though the same software quality is defined. In addition, the software quality has been managed differently. The major problems of software engineering processes in weapon systems are the unclear definition of the software quality requirements and the absence of quantifying software quality standards. ISO/IEC 25023 is composed of eight quality characteristics and thirty-one sub-characteristics. ISO/IEC 25023 provides measurement functions that can quantify the software product quality based on its characteristics. To improve the software quality further, the measurement functions in ISO/IEC 25023 are suggested to quantify and manage software quality for software engineering processes in weapon systems. The expected effects of this study were analyzed.

A Study on the Development and Use of a Software Quality Assurance Methodology (소프트웨어 품질보증방법론 개발 및 활용에 관한 연구)

  • 김성근;편완주
    • Proceedings of the Korea Database Society Conference / 1999.10a / pp.153-163 / 1999
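  • As software projects become larger and more complex, systematic quality assurance is increasingly needed. To develop high-quality software, the target quality can be approached only when quality assurance activities for the development process are carried out together with quality assurance for the work products. However, software quality assurance varies with the different quality characteristics and with the differences in perspective among the parties involved in development, so considerable difficulties are inherent in quality assurance. These difficulties act as a cause that impairs software quality and lowers the quality competitiveness of companies. This study sought to develop a method to resolve these difficulties in quality assurance activities and, further, to achieve quality improvement. For quality improvement, we developed an SQA (Software Quality Assurance) methodology for carrying out quality assurance activities in a more planned and systematic way. In general, a methodology is difficult to apply as-is to every project. The SQA methodology, too, must be appropriately customized according to the characteristics of the project or the organization in order to raise its effectiveness. Accordingly, in this SQA methodology the quality assurance tasks that must be performed to systematically support quality assurance activities are organized into a repository. The quality assurance tasks needed according to project characteristics and the like can be selected from this repository and used. Finally, we present an expert-system approach for customizing the quality assurance activities needed according to project characteristics and the like.
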
CIA-Level Driven Secure SDLC Framework for Integrating Security into SDLC Process (CIA-Level 기반 보안내재화 개발 프레임워크)

  • Kang, Sooyoung;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.5 / pp.909-928 / 2020
  • From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing such as identified vulnerabilities and faults can be varied depending on the capabilities of the team. In other words none of penetration team can assure that "vulnerabilities are not found" is not equal to "product does not have any vulnerabilities". So the U.S. government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, the US government began to publish various standards related to the development methodology and evaluation procurement system embedding "security-by-design" concept from the 1980s. Security-by-design means reducing product's complexity by considering security from the initial phase of development lifecycle such as the product requirements analysis and design phase to achieve trustworthiness of product ultimately. Since then, the security-by-design concept has been spread to the private sector since 2002 in the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standard or guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present the new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first we can quantitatively show gap of Secure SDLC process level between competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC.

A Study on the Design of Test Item Framework for the Reliability of Frozen and Refrigerated Products with IoT Function (IoT 기능을 보유한 냉동·냉장 제품의 신뢰성 확보를 위한 시험항목 프레임워크 설계에 관한 연구)

  • Cho, Kyoung Rok;Lee, Jung Jae;Lee, Eun-Ser
    • KIPS Transactions on Software and Data Engineering / v.10 no.6 / pp.211-222 / 2021
  • Recently, frozen and refrigerated appliances on the market are being released with additional IoT functions, but there are few tests on IoT functions. In particular, the existing test system does not have IoT test items for IoT-based frozen and refrigerated appliances, making it difficult for companies to find the cause even if defects occur, and test institutions are also restricted from selecting IoT-related test items and conducting correct performance tests. In this paper, we design a test item framework that can identify product defects and identify causes in the performance test process of frozen and refrigerated products with IoT functions among products in the home appliance field, and propose test methods and management measures using them. Through the proposed research, manufacturers and testing institutions can test the correct performance of IoT-based frozen and refrigerated products, thereby enhancing the completeness and securing reliability of the products.