In Software industry Software reuse

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.


In Software industry Software reuse is considered to be the key which can unlock the software development growth in the future. The potential benefits include decrease in development cost and schedule and increase in quality. One of the main issues in software reuse is the Security. This paper gives a clear picture about the Software Reuse and security issues.

Index Terms - Software Reuse, Security issues.


In today's fast moving world people try to make their things easier, faster and with low cost. This can be applied to all fields that we face in our day-to-day activities. Now-a-days in most of the engineering fields their products are designed or developed from existing components, in which these components are been already used by some other product. By doing this it is easy to build new systems efficiently. This reusing methodology can also be implemented software development life cycle. With the help of "Software Reuse" it is easy to achieve better software with less time and cost. Even though Software Reuse has many advantages, still date this is not successfully implemented and still this is only a popular discussion and debate topic in our software industry for more than 30 years. One of the main issues that affect the Software Reuse is Security. In general we know that Security is one of the key issues in the software development industry, so this is should be resolved in an efficient way. This paper discusses about the Software Reuse and their Security issues.

Software Reuse and Security

Software Reuse is also known as Code Reuse and the key idea behind this is to use the existing software to build new software. This means using a complete or partial code of the existing software or computer program to develop a new product. By doing this, a developer can produce a quality software by saving resources such as time, cost and etc. In general the software reuse can be achieved in different levels, such as [1].

  • Single/Multiple lines of code.
  • Procedures/Functions.
  • Modules/Components.
  • Packages or
  • Entire programs.
  • Pros of Software Reuse

Some of the main advantages of Software Reuse are as follows [1].

  • Efficiency - this eventually reduces the designing or coding time.
  • Standardization - gives a standard feel for all the softwares.
  • Debugging - since it uses the code which is already debugged and tested the debugging will be easy and won't consume time.
  • Resource Reduction - this can reduce the software development cost and time.

Cons of Software Reuse

Some of the disadvantages of Software Reuse are as follows [1].

  • Mismatch - in some case the requirements or design might have some conflicts.
  • Requires time/effort to convert or match with the requirements - Even though it reduces the development time in some cases it consumes time if it does not match with our requirement.
  • Expense - Sometimes, some components might be costly which in turn increases the project cost or budget because this may be too expensive for the project.
  • Security - This is one of the most important issues that affect software reuse. We can see this in detail in the following section.

Software Security is considered as a mandatory element throughout the software development lifecycle. According to the product security goals, the security is considered as a part of system design. So a proper attention must be given from the day one of the development process for each and every components or module that is to be developed because implementing security at the final stage of the development is highly impossible and sometime it might even affect the features of the product that is developed. If the developer decided to implement the security at the end then this will be a time consuming process and even security cannot be implemented in an efficient manner. Even this could be one of the main reasons which could affect software reuse because if security is not implemented in the individual components or module then and if we tend to use that particular module or components then obliviously the newly developed software will tend to increase the security risks. From this we can have a clear picture that security should be integrated for each modules or components otherwise it will be difficult to implement it later and moreover implementing a secure reusable software will become a question mark for the developers. Even though the use of components has many advantages, in general a component is considered highly vulnerable in terms of security. This is caused mainly by the bugs in the code or due to some malicious code in the component which may be known or unknown to the developer [2].

Challenges in Software Reuse and Security

General Security Enforcements for Reusable Softwares

As the above sections clearly describes about the reusable software security and their advantages we can infer that implementing or handling security in the components will a good idea. So at the time component/module design itself, the developers should think about the security along with requirements, features and usability's. To successfully implement this every developer should have their own guidelines for the components before the implementations. For instance a web application can have the following security threats [3].

  • Validating Input attacks - are Cross-site scripting (XSS) or Buffer size overflow.
  • Authentication attacks - are dictionary attacks, Key logger.
  • Cryptography attacks - are poor encryption or poor key management.
  • Exception management attacks - are disclosing information.

In order to avoid these types of security risks or treats the developer should have proper design plan. In general the developer or the programmer might have number of issues but some of these issues should strictly consider based upon their priority. For instance to develop a web service based component the following issues are to be considered [4].

  • Authorisation should be given based upon their role or level in the project.
  • All the sensitive data of the components should be protected.
  • The security audit should be considered as requirements.
  • Provide sufficient security for the code access.

In general this means that the developer should try to handle all the possible security measure in the component or module that may arise in the future.

Security Concerns in Component Reuse

According to Kim. Y and Lee. S article [5] most of the component that are been developed uses the security API for enforcing security in their component. These API requires the security function, where these codes reside inside the components and this will reduce the reusability. To overcome this problem Kim and Lee suggested the separation model which separates the security and the core component so that the core components has the key features of the components and the security components implements the security issues. This model also includes a new component known as aspect component which acts as an intermediate component for security and core component. The main purpose of this aspect component is to define the rules for the other components. With the help of this separation model it is easy for the developer to improve the security strength of the component. The figure given below shows the Separation model [5].

As an extension to this model they modified the original one in order to support additional security features for the component reuse. This model includes a new component called wrapper model. The wrapper model simply wraps the black box component and gives the way for its modification this is done to include the security function in the black box from of components and with the help of this separation model this can be transformed into white box form of component. The figure given below shows the detailed block diagram of the extension model.

The software reuse is mainly used to improve the productivity and the quality of product that is developed or the software development. Since the black box does not have or give more information, this can reduce the component reusability. In order to overcome this problem we have to use this separation model which is shown in the above figure. In this model the wrapper component encloses the interface for the core the component. So the core component calls the security component with the help of this interface. Now the Core component has the black box and the wrapper model encloses the white box, so the security rules can be updated or modified according to their need. Therefore by sticking to this separation extension model the developer can implement the security for their components [5].

Reusable Security Requirement

Similar to other requirements and components security requirements can also be reused by another software development. According to D.G Firesmith [6], by reusing security requirements will also improves the quality, productivity and security of the software development. As an overview almost all the software products have the same vulnerabilities, threats and attacks but in some cases this may change according to the application. These security issues are almost handled in the same way in most of the application. Due to these reasons we can infer that the security requirements can be standardized. Similar to the other requirement the security requirement will also affect the quality of the product. In order to handle the security requirement efficiently a template can be created and reused so that it will be easy for the developer to handle the security issues. So a template can be created for the security requirement and can be reused by all the applications and its domains. The template should enclose the details such as.

  • Requirements.
  • Its sub-factors.
  • Measures.
  • Key conditions - this is can sub divided into the following.
  • Asset.
  • Threats.
  • Attackers.
  • These are the key elements which is required for most the applications. In some cases the application may need to handle more issues so at that time the requirements team and the security team should have a discussion about their security issues. With the help of this template the security requirements are received from the client and after this, these requirements should be analysed by the security team and if there is any disputes with the requirements that should be cleared with the clients or the requirement team [6].

    From the above two section (Security Concerns in Component Reuse and Reusable Security Requirement) we can infer that both the authors handle security issues that the improvement in reusable software but in different aspects. So from these, we can make an extension by combining these together, so that the security requirements need not be taken for all the components of the application and this will intentionally improve the security and the reusable components or software.



    1. Ian Sommerville 2004, "Software Engineering", 7th edition. Chapter 18.
    2. Llewellyn-Jones. D, Merabti. M, Askwith. B and Shi. Q, "An Extensible Framework for Practical Secure Component Composition in a Ubiquitous Computing Environment," in International Conference on Information Technology, Las Vegas, USA, April, 2004.
    3. "Improving Web Application Security: Threats and Counter Measures", published by Microsoft Corporation, , viewed on Oct 2nd 2009.
    4. "Building Secure Serviced Components" Published by Microsoft Corporation, , viewed on Oct 2nd 2009.
    5. Young-Soo Kim and Sang-Ho Lee, "Separation of Concerns Security Model for Extension of Component Reuse" in International Symposium on Ubiquitous Multimedia Computing, Korea, 2008.
    6. Donald G. Firesmith, "Analyzing and Specifying Reusable Security requirements", Software Engineering Institute, Carnegie Mellon University, Pittsburgh.