The Current and Future of Software Securities and Vulnerabilities
OPEN ACCESS JSEA
lecture in the ISC (China Internet Security Conference),
“Free Security is Rebuilding and Expanding Security
Industry”.
Terminal security will become more and more important
in the future. To ensure security, enterprises may pay
more attention to a new security concept, cloud security,
in response to unknown threats such as APT (Advanced
Persistent Threat) and 0-day. The coming development
trend of enterprise security depends more on cloud
security and the “boundary” to implement it. At the same
time, he announced the mysterious product, 360 Eye. He
also stated that Generic Security may become a trend,
because “it is impossible to achieve the real and forever
security of network. Just as it had been the safest shield
and the sharpest spear.”
(More information at http://isc.360.cn/index.html.)
For network safety and mobile security in the big data
period, IBM also provides many measures or new
technologies and has released a series of security
products, such as “QRadar Risk Manager,” “Network
Activity Collectors,” and “IBM InfoSphere Guardium,” etc.
(More information at
http://www.cbinews.com/topic/2013/05/IBM_fenghui/.)
7. Conclusion and Prediction
In such a network age, information security has to be the
most important factor, and software security must be a
related and key part of it. It is said that in 2020,
enterprise IT departments will not own the device, and in
the case of cloud-based services, they may or may not
control the network, server, OS or application [13]. With
the coming of the age of big data and smart cloud,
information must become the focal point in such a war of
information security strategies. Someday, traditional
office work may turn to BYOD (bring your own device).
People-centric security is on its way to replacing
control-centric approaches to information safety.
Additionally, rapid detection and response in security
programs will be emphasized rather than traditional
prevention.
Nowadays, the MT (mobile terminal) is becoming more
intelligent and portable, and this has become the trend.
Crank calls and junk messages have become new safety
problems, disturbing citizens’ lives. One day, software
and information security may be equal to national safety
and personal safety; corresponding national and
international laws will then be more considerable and
comprehensive.
This work was particularly directed by Dr. Xie, a senior
engineer, and 360’s engineers supplied much help through
the technology exchanging platform.
REFERENCES
[1] C. Banerjee and S. K. Pandey, “Software Security Rules: SDLC Perspective,” (IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No. 1, 2009.
[2] C. Y. Lester, “A Practical Application of Software Security in an Undergraduate Software Engineering Course,” IJCSI International Journal of Computer Science Issues, Vol. 7, No. 3, 2010.
[3] H.-Y. Sun and X.-C. Shi, “The Relationship Research between Reliability, Safety and Functional Security,” 2010.
[4] A. Sumithra and Dr E. Ramraj, “A Checklist Based Framework for Software Security Risk Management,” International Journal of Computing Technologies and Applications, Vol. 2, No. 2, pp. 304-308.
[5] B. Boehm, “A Spiral Model of Software Development and Enhancement,” IEEE Computer, Vol. 21, No. 5, 1988, pp. 61-72. http://dx.doi.org/10.1109/2.59
[6] R. S. Gaykar and D. S. Joshi, “Enhancement of Software Security Through Design Phase,” International Journal of Engineering Science and Technology (IJEST), Vol. 3, No. 4, 2011.
[7] A. Austin, C. Holmgren and L. Williams, “A Comparison of the Efficiency and Effectiveness of Vulnerability Discovery Techniques,” Information and Software Technology, Vol. 55, No. 1, 2013, pp. 1279-1288. http://dx.doi.org/10.1016/j.infsof.2012.11.007
[8] R. Wang, “Research on Comprehensive Evaluation Method of Application Software Security,” Dalian University of Technology, Dalian, 2013.
[9] China Internet Security Conferences, CISC 360, 2013.
[10] D. Z. Zhang, D. G. Liu, C. Csallner, D. Kung and Y. Lei, “A Distributed Framework for Demand-Driven Software Vulnerability Detection,” The Journal of Systems and Software, G Model, JSS-9220.
[11] M. Kimura, “Software Vulnerability: Definition, Modeling, and Practical Evaluation for E-Mail Transfer Software,” International Journal of Pressure Vessels and Piping, Vol. 83, 2006, pp. 256-261. http://dx.doi.org/10.1016/j.ijpvp.2006.02.003
[12] B. Smith and L. Williams, “Systematizing Security Test Planning Using Functional Requirements Phrases,” Technical Report TR-2011-5, North Carolina State University, Raleigh, 2011.
[13] 360 Internet Security Centre, Featuring Research from Gartner, “Development Trend of Enterprise Security in the Internet Age,” 2013.