Abstract

This article describes how to adapt a specific part of the Rational Unified Process (RUP) framework for the purpose of conducting requirements gathering for software projects aimed at adding security features to legacy software. The RUP seems particularly fitting for this purpose because it aggregates numerous software engineering terms into a common body of knowledge and strives to give them clear and unambiguous semantics. Furthermore, the RUP allows project coordinators to pick and choose only the process elements best suited to meet the particular needs of a project. The article should prove useful to project managers, process engineers, and software architects responsible for teaching old software new security functions. It should also prove useful to organizations that have already carried out basic software security projects such as those that fix buffer overflows, teach the software to perform better data validation, replace unsafe string handling functions, and recompile code with safe exception handling. This article covers only a small and very specific part of the RUP. It interprets the RUP in ways guided by the author's experience and specializes the Requirements discipline for use in projects tasked with adding new security features to legacy software.
