80.2K

Verified Solution

Link Copied!

Case Study Project –PART I

Overview

The purpose of the case study project is to get you acquaintedwith the security challenges of a real, complex, messy softwareproduct. In class, you will be learning about securityideals,   and best practices. In the case study, you willsee how those ideals are applied, or not applied.

This case study is designed to help you in two key ways:investigation and co-authorship. Theinvestigative part of this project is to help you to learn aboutsoftware projects from the outside in. This means reading bugreports, documentation, mailing lists, commit logs, and anythingelse you can get your hands on to understand what's going on. Theco-authorship part of this project is to help you learn what it'slike to describe complex arguments (i.e. specific security risks)to a technical, yet non-security-minded audience. The \"co-\" part isto help you learn how to write much like how you've learned how tocode... communicating, coordinating, know when to work alone, knowwhen to work collaboratively, giving good feedback, and reacting tofeedback.

Case Study Proposal

Phase 1:

As a team, choose a case study project. Choosing a project maytake some effort, as not every project out there makes a goodcandidate. Here are the minimum requirements for a goodcase study:

• Must have a domain that has significant security risks
• Non-trivial. The larger the better. Minimum of 10k lines ofcode or 20 developers. You will not need get this system tobuild.
• Must be actually used in production
• Source code must be available
• Must have had a list of reported vulnerabilities. The moredetailed the records, the better (e.g. do they trace to bugs andsource code patches?)

In your proposal, include the following:

• The names of each team member
• Project overview.
  • What is the product used for?
  • What is the development team like?
  • How often does the project release?
• Security Risks. This section can be very brief
  • What kinds of data does this product protect?
  • What are the ramifications of this software iscompromised?
• Provide links (using just a regular hyperlink) to the projectwebsite, the source code repository, issue tracker, pastvulnerabilities, and any other relevant information.

Submission

For this proposal, create a document called \"X Case StudyProposal\".

Grading scheme (10marks)

• 6marks - Submit a case study proposal naming aproject.
• 1mark- Project matches the minimumcriteria
• 3marks - Proposal demonstrates a surface-levelunderstanding of the project security risks

minimum words or number of pages for the project proposal? it isnot project proposal it is just final project of one course whichis 15 marks and the minimum pages are 10 pages and maximum 15 pages. It is about software vulnerability case study.