The European Union-funded SecureChange project found that only about one-third of a program's code changed from one version to the next. However, a substantial number of vulnerabilities were inherited by each new version from its predecessor.
The SecureChange researchers developed a methodology, techniques, and tools to make the software lifecycle more efficient, flexible, secure, and less costly. "Our main idea was to consider change itself as a first-class citizen, using evolution rules for the software to make sure that each change respects the desired security properties," says University of Trento professor Fabio Massacci. "In this way, you automatically know that any modification satisfies your desired properties."
The approach focuses on the difference between the old and new release of the software. "Test engineers can quickly and easily identify which tests are needed, what is new and what is obsolete, thereby avoiding the need to re-test millions of lines of code that have not changed and enabling them to focus their efforts on what is really new and hence potentially more risky," Massacci says. The approach also focuses on designing changes to the software in a granular fashion, so modifications to one element of the software do not impact other elements.
From Europe's Newsroom
View Full Article
No entries found