{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,15]],"date-time":"2025-11-15T03:49:49Z","timestamp":1763178589791,"version":"3.41.0"},"reference-count":29,"publisher":"Association for Computing Machinery (ACM)","issue":"6","license":[{"start":{"date-parts":[[2009,12,3]],"date-time":"2009-12-03T00:00:00Z","timestamp":1259798400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGSOFT Softw. Eng. Notes"],"published-print":{"date-parts":[[2009,12,3]]},"abstract":"<jats:p>One of the major problems in software security is the lack of knowledge about security among software developers. Even if a developer has good knowledge about current software vulnerabilities, they generally have little or no idea about the causes and measures that can avoid those vulnerabilities. Now it is established fact that most of the vulnerabilities arise in design phase of the software development lifecycle. Keeping in view the importance of software design level security, a study of current software design level vulnerabilities and their cause is conducted. In this paper, we discuss current practices in specific software design tasks, vulnerabilities and mitigation mechanism. On the basis of the critical review, areas of research are identified that warrant further investigation.<\/jats:p>","DOI":"10.1145\/1640162.1640171","type":"journal-article","created":{"date-parts":[[2009,12,8]],"date-time":"2009-12-08T20:53:14Z","timestamp":1260305594000},"page":"1-5","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Research on software design level security vulnerabilities"],"prefix":"10.1145","volume":"34","author":[{"given":"S.","family":"Rehman","sequence":"first","affiliation":[{"name":"Jamia Millia Islamia, New Delhi, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"K.","family":"Mustafa","sequence":"additional","affiliation":[{"name":"Jamia Millia Islamia, New Delhi, India"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2009,12,3]]},"reference":[{"key":"e_1_2_1_1_1","first-page":"1","volume-title":"Harvard University","author":"Schechter Stuart Edward","year":"2004"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1193213"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408680"},{"volume-title":"USA","year":"2002","author":"McGraw J.","key":"e_1_2_1_4_1"},{"volume-title":"Addison-Wesley","year":"2004","author":"Hoglund","key":"e_1_2_1_5_1"},{"key":"e_1_2_1_6_1","unstructured":"http:\/\/www.devdaily.com\/java\/java_oo\/node2.shtml  http:\/\/www.devdaily.com\/java\/java_oo\/node2.shtml"},{"key":"e_1_2_1_7_1","unstructured":"Pravir Chandra (Project Lead) (2006): CLASP -Comprehensive Lightweight Application Security Process Version 1.2 Version Date: 31 march 2006. URL: http:\/\/www.owasp.org\/index.php\/Category: OWASP_CLASP_Project.  Pravir Chandra (Project Lead) (2006): CLASP -Comprehensive Lightweight Application Security Process Version 1.2 Version Date: 31 march 2006. URL: http:\/\/www.owasp.org\/index.php\/Category: OWASP_CLASP_Project."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/11767138_5"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/1318471.1318510"},{"volume-title":"ASIACCS","year":"2007","author":"Liny Zhiqiang","key":"e_1_2_1_10_1"},{"key":"e_1_2_1_11_1","unstructured":"URL - http:\/\/www.first.org\/cvss\/  URL - http:\/\/www.first.org\/cvss\/"},{"key":"e_1_2_1_12_1","first-page":"2007","article-title":"Threat Modeling Using Fuzzy Logic Paradigm","volume":"4","author":"Sodiya A.S.","year":"2007","journal-title":"Informing Science and Information Technology"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SESS.2007.7"},{"key":"e_1_2_1_14_1","unstructured":"NHS and NIST National Vulnerability Database (NVD) automating vulnerability management security measurement and compliance checking URL- http:\/\/nvd.nist.gov\/scap.cfm (Accessed on 11 June 2009).  NHS and NIST National Vulnerability Database (NVD) automating vulnerability management security measurement and compliance checking URL- http:\/\/nvd.nist.gov\/scap.cfm (Accessed on 11 June 2009)."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1558607.1558646"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxp040"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.200"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.48"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101965"},{"volume-title":"July, 2008.","year":"2008","author":"Li Xiaohong","key":"e_1_2_1_20_1"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJESDF.2007.013589"},{"key":"e_1_2_1_22_1","first-page":"165","article-title":"Collaboration in Secure Development process, Part 1","volume":"9","author":"Peterson G.","year":"2004","journal-title":"Information Security Bulletin"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0218194007003240"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2008.114"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/1370687.1370688"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-88775-3_3"},{"volume-title":"Govt. of India","year":"2008","author":"Mustafa","key":"e_1_2_1_28_1"},{"volume-title":"International Journal of Security and its Applications","year":"2008","author":"Lee Hakjin","key":"e_1_2_1_29_1"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SESS.2007.2"}],"container-title":["ACM SIGSOFT Software Engineering Notes"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1640162.1640171","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1640162.1640171","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:17:56Z","timestamp":1750249076000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1640162.1640171"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,12,3]]},"references-count":29,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2009,12,3]]}},"alternative-id":["10.1145\/1640162.1640171"],"URL":"https:\/\/doi.org\/10.1145\/1640162.1640171","relation":{},"ISSN":["0163-5948"],"issn-type":[{"type":"print","value":"0163-5948"}],"subject":[],"published":{"date-parts":[[2009,12,3]]},"assertion":[{"value":"2009-12-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}