To main content

The road to Hell is paved with good intentions: A story of (in)secure software development

Abstract

In this paper, we present the results of a security assessment performed on a home care system based on SOA, realized as web services. The security design concepts of this platform were specifically tailored to meet new security challenges and to be compliant with legal frameworks applicable to the healthcare domain. This security design was fed as input to the development team,which implemented the system. However, our assessment revealed a software platform with severe security weaknesses and vulnerabilities, demonstrating pitfalls that are, or should be, well known.Our experience re-confirms that security must be built as an intrinsic software property and emphasizes the need for security awareness throughout the whole software development lifecycle.
Read the publication

Category

Academic chapter

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software Engineering, Safety and Security
  • Norwegian University of Science and Technology

Year

2010

Publisher

IEEE (Institute of Electrical and Electronics Engineers)

Book

Proceedings of the Fifth International Conference on Avaliability, Reliability and Security: ARES 2010

ISBN

9780769539652

Page(s)

501 - 506

View this publication at Norwegian Research Information Repository