Security principles for package management as part of software development lifecycle and processes

Use of third-party software packages has become increasingly popular in software projects. Reusing source code via packages can help developers focus on writing the parts of the software that are unique to their application and relying on third-party source code to solve common problems that have al...


Bibliographic Details
Main Author: Muranen, Markus
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language: eng
Published: 2019
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/66197
description Use of third-party software packages has become increasingly popular in software projects. Reusing source code via packages can help developers focus on writing the parts of the software that are unique to their application and relying on third-party source code to solve common problems that have already been solved by others. However, the use of packages does not come without risks. By introducing a dependency on someone else’s code, members of software project teams should recognize and be aware of security implications and risks associated with such decisions. Usually such decisions are opaque and made on ad-hoc basis by individuals taking part in the software project. This thesis aims to introduce a set of principles for managing and remediating security problems associated with software packages. The principles are tied to a software development lifecycle and processes by introducing various steps that can be incorporated as software package management process and workflow to existing and new software projects.
first_indexed 2019-11-06T21:03:09Z
format Pro gradu
fullrecord [{"key": "dc.contributor.advisor", "value": "Costin, Andrei", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Muranen, Markus", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2019-11-06T06:55:50Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2019-11-06T06:55:50Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2019", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/66197", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Use of third-party software packages has become increasingly popular in software projects. Reusing source code via packages can help developers focus on\nwriting the parts of the software that are unique to their application and relying\non third-party source code to solve common problems that have already been\nsolved by others.\nHowever, the use of packages does not come without risks. By introducing\na dependency on someone else\u2019s code, members of software project teams\nshould recognize and be aware of security implications and risks associated\nwith such decisions. Usually such decisions are opaque and made on ad-hoc\nbasis by individuals taking part in the software project.\nThis thesis aims to introduce a set of principles for managing and remediating security problems associated with software packages. 
The principles are\ntied to a software development lifecycle and processes by introducing various\nsteps that can be incorporated as software package management process and\nworkflow to existing and new software projects.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2019-11-06T06:55:50Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2019-11-06T06:55:50Z (GMT). No. of bitstreams: 0\n Previous issue date: 2019", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "68", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "secure package management", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "package management", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "software packages", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "SDLC", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "DevOps", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "DevSecOps", 
"language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Security principles for package management as part of software development lifecycle and processes", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-201911064741", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietojenk\u00e4sittelytiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": 
"dc.subject.discipline", "value": "Computer Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.collaborator", "value": "business", "language": "", "element": "contractresearch", "qualifier": "collaborator", "schema": "yvv"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "yvv.contractresearch.initiative", "value": "student", "language": "", "element": "contractresearch", "qualifier": "initiative", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "restrictedAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietokoneohjelmat", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "ohjelmistokehitys", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "computer programmes", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber security", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "software development", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", 
"value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival workstation at Jyv\u00e4skyl\u00e4 University Library (https://kirjasto.jyu.fi/en/workspaces/facilities).", "language": "en", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "Tekij\u00e4 ei ole antanut lupaa avoimeen julkaisuun, joten aineisto on luettavissa vain Jyv\u00e4skyl\u00e4n yliopiston kirjaston arkistoty\u00f6semalta. Ks. https://kirjasto.jyu.fi/fi/tyoskentelytilat/laitteet-ja-tilat..", "language": "fi", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
id jyx.123456789_66197
language eng
last_indexed 2025-02-18T10:55:42Z
main_date 2019-01-01T00:00:00Z
main_date_str 2019
publishDate 2019
record_format qdc
source_str_mv jyx
title Security principles for package management as part of software development lifecycle and processes
topic secure package management package management software packages SDLC DevOps DevSecOps Tietojenkäsittelytiede Computer Science 601 tietokoneohjelmat kyberturvallisuus ohjelmistokehitys computer programmes cyber security software development
url https://jyx.jyu.fi/handle/123456789/66197 http://www.urn.fi/URN:NBN:fi:jyu-201911064741