Software systems are permeating every facet of our society, making security breaches costlier than ever before. At the same time, as software systems grow in complexity, so does the difficulty of ensuring their security. As a result, the problem of securing software, in particular software that controls critical infrastructure, is growing in prominence. Software engineering community has developed numerous approaches for promoting and ensuring security of software. In fact, many security vulnerabilities are effectively avoidable through proper application of well-established software engineering principles and techniques. In this chapter, we first provide an introduction to the principles and concepts in software security from the standpoint of software engineering. We then provide an overview of four categories of approaches for achieving security in software systems, namely, static and dynamic analyses, formal methods, and adaptive mechanisms. We introduce the seminal work from each area and intuitively demonstrate their applications on several examples. We also enumerate on the strengths and shortcomings of each approach to help software engineerswith making informed decisionswhen applying these approaches in their projects. Finally, the chapter provides an overview of the major research challenges from each approach, which we hope to shape the future research efforts in this area.
Malek, S., Bagheri, H., Garcia, J., & Sadeghi, A. (2019). Security and software engineering. In Handbook of Software Engineering (pp. 445–489). Springer International Publishing. https://doi.org/10.1007/978-3-030-00262-6_12