A Threat Intelligence Tool for the Security Development Lifecycle

被引：1

作者：

Kannavara, Raghudeep ^{[1
]}

Vangore, Jacob ^{[2
]}

Roberts, William ^{[2
]}

Lindholm, Marcus ^{[1
]}

Shrivastav, Priti ^{[1
]}

机构：

[1] Intel Corp, Santa Clara, CA 95051 USA

[2] Olivet Nazarene Univ, Bourbonnais, IL USA

来源：

PROCEEDINGS OF THE 12TH INNOVATIONS ON SOFTWARE ENGINEERING CONFERENCE (ISEC) | 2019年

关键词：

Security development lifecycle; Threat intelligence; Vulnerability disclosure; Product security;

D O I：

10.1145/3299771.3299789

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

Threat intelligence is critical when executing a well-informed Security Development Lifecycle (SDL). However, the lack of threat intelligence tools focusing on SDL is a known issue within the security community. To address this shortcoming, we present "Threat Miner for SDL" to automate the process of mining open source threat information sources to deliver product specific threat indicators designed to strategically inform the SDL while continuously monitoring for disclosures of relevant potential vulnerabilities during product design, development, deployment and beyond.

引用

页数：5

共 50 条

[1] A Summary of the Development of Cyber Security Threat Intelligence Sharing
Du, Lili
Fan, Yaqin
Zhang, Lvyang
Wang, Lianying
Sun, Tianhang
[J]. INTERNATIONAL JOURNAL OF DIGITAL CRIME AND FORENSICS, 2020, 12 (04) : 54 - 67
[2] Integrating AI-driven threat intelligence and forecasting in the cyber security exercise content generation lifecycle
Zacharis, Alexandros
Katos, Vasilios
Patsakis, Constantinos
[J]. INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2024, 23 (04) : 2691 - 2710
[3] Threat analysis in the software development lifecycle
Whitmore, J.
Tuerpe, S.
Triller, S.
Poller, A.
Carlson, C.
[J]. IBM JOURNAL OF RESEARCH AND DEVELOPMENT, 2014, 58 (01)
[4] Security in the Software Development Lifecycle
Assal, Hala
Chiasson, Sonia
[J]. PROCEEDINGS OF THE FOURTEENTH SYMPOSIUM ON USABLE PRIVACY AND SECURITY, 2018, : 281 - 296
[5] The health information system security threat lifecycle: An informatics theory
Fernando, Juanita I.
Dawson, Linda L.
[J]. INTERNATIONAL JOURNAL OF MEDICAL INFORMATICS, 2009, 78 (12) : 815 - 826
[6] Information Lifecycle Security Risk Assessment: A tool for closing security gaps
Bernard, Ray
[J]. COMPUTERS & SECURITY, 2007, 26 (01) : 26 - 30
[7] Cyber Security Threat Intelligence Monitoring and Classification
Wang, Bo-Xiang
Chen, Jiann-Liang
Yu, Chiao-Lin
[J]. 2021 IEEE INTERNATIONAL CONFERENCE ON INTELLIGENCE AND SECURITY INFORMATICS (ISI), 2021, : 70 - 72
[8] Cyber threat intelligence for critical infrastructure security
Osliak, Oleksii
Saracino, Andrea
Martinelli, Fabio
Mori, Paolo
[J]. CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2023, 35 (23):
[9] Using Cyber Threat Intelligence in SDN Security
Yurekten, Ozgur
Demirci, Mehmet
[J]. 2017 INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND ENGINEERING (UBMK), 2017, : 377 - 382
[10] Security orchestration with a global threat intelligence platform
Network Security Project, NTT Secure Platform Laboratories, Japan
不详
[J]. NTT Tech. Rev., 12

← 1 2 3 4 5 →