Abstract:

Secure software engineering involves very complex and unconventional development processes; that require a great deal of security knowledge that is continuously evolving and hard to discern. This significant bulk of knowledge is currently scattered, unstructured and difficult to be reused in a specific application domain and in every software development phase (specification, design and implementation) by security inexperienced software developers. In order to manage this knowledge in a formal and widely shareable representation, this paper presents an ontological approach which aims security knowledge management (security knowledge and security experiences) to support the engineering of secure software product. Firstly, we propose a literature survey, analysis and classification of some existing security ontologies that are candidates for full use in secure software development processes. Based on this survey, we propose an ontological approach for modeling, capitalization and sharing of security knowledge covering both dimensions of software: product and project and taking into consideration the context of the application domain and the risk analysis and deals with the different phases of software development process.