Incorporating software security: using developer workshops to engage product managers

Weir, Charles; Becker, Ingolf; Blair, Lynne

doi:10.1007/s10664-022-10252-0

Cited by 5 publications

(3 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…the authors in [30] explain that the primary reason why software development teams do not implement security is due to a lack of knowledge and experience in different types of vulnerabilities. This is supported by the authors in [31], who point out that datamany competent software development teams still do not implement secure, privacy-preserving software, even though techniques to do so are now well-known. The major cause of this is lack of priority and resources for security.…”

Section: Sources Of Software Quality and Security Issuesmentioning

confidence: 95%

Security risks in the software development lifecycle: A review

Odera¹,

Otieno²,

Ounza³

2023

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

Software security is one of the most critical concerns in modern software development, especially in safety-critical systems whose failure can lead to environmental damage, substantial property, or loss of human lives. In addition, flawed applications have been shown to exhibit unpredictable behavior while software products with numerous vulnerabilities present attack vectors that can be exploited by attackers. To address some of these problems, vulnerability prediction has been deployed for early detection of security risks in the software development lifecycle (SDLC). This can potentially facilitate decision making during the SDLC, resulting in the production of more secure software. Prioritizing security during SDLC permits developers and stakeholders to identify and resolve possible security concerns early on in the process. The aim of this paper is therefore to offer some in-depth review of software systems security issues. In addition, the various measures that have been put in place to mitigate security issues during SDLC are discussed.

show abstract

Section: Sources Of Software Quality and Security Issuesmentioning

confidence: 95%

Security risks in the software development lifecycle: A review

Odera¹,

Otieno²,

Ounza³

2023

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

show abstract

“…Security concerns are not implemented by software engineers as a continuous process in early software development; they are valued at the end of software development (Humayun et al, 2023;Nazir & Nazir, 2018). According to the research "Veracode, 2018," software developers aren't paying enough attention to security issues; therefore, all applications are vulnerable to threats (Weir et al, 2022). The majority of software engineers initially do not care about security concerns, Yet, the software engineers are gradually realizing that security for requirements engineering is essential for software development (Weir et al, 2021;Weir et al, 2022).…”

Section: Literature Reviewmentioning

confidence: 99%

“…According to the research "Veracode, 2018," software developers aren't paying enough attention to security issues; therefore, all applications are vulnerable to threats (Weir et al, 2022). The majority of software engineers initially do not care about security concerns, Yet, the software engineers are gradually realizing that security for requirements engineering is essential for software development (Weir et al, 2021;Weir et al, 2022). According to recent study, many software development procedures do not clearly contain methods for integrating software security from the early stages of software development (Khan & Khan, 2018b).…”

Section: Literature Reviewmentioning

confidence: 99%

Securing Software Development: A Holistic Exploration of Security Awareness in Software Development Teams

Janisar,

Shafee,

Sarlan

et al. 2024

IJARBSS

View full text Add to dashboard Cite

Security awareness is crucial at every stage of the software development life cycle. Studies emphasize the importance of addressing security requirements (SR) early in the requirement engineering phase to effectively mitigate security issues. However, the software development team (SDT) currently lacks sufficient awareness regarding the security requirements assurance (SRA) for mitigating security issues in secure software development. The objective of this study is to assess the (SDT) security knowledge in early software development. A survey was distributed, questions were based on (SR) within the context of security requirement engineering (SRE). A total of 58 responded to the survey. The results indicate that the (SDT) demonstrates a satisfactory level of knowledge regarding security (KOS), security requirements elicitation and analysis (SREA), and approaches within the domain of SRE. However, the results pertaining to security requirement assurance (SRA) were found unsatisfactory. Descriptive statistics were employed to analyse the mean scores of KOS=3.79, SRE=3.61, SREA=3.67, and SRA=2.71. SRE presented the strong Pearson correlation with SREA=.596**. Also, regression coefficient produces positive outcome with (SRA) and (SREA). Though, software development teams need to collaborate with the researcher to enhance the awareness about security requirement assurance during the secure development process.

show abstract

Accelerating Product Success: Designing a Digital Adoption Framework to Elevate Developer Experiences

Mahanta,

Bhattacharya

2023

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Incorporating software security: using developer workshops to engage product managers

Cited by 5 publications

References 47 publications

Security risks in the software development lifecycle: A review

Security risks in the software development lifecycle: A review

Securing Software Development: A Holistic Exploration of Security Awareness in Software Development Teams

Accelerating Product Success: Designing a Digital Adoption Framework to Elevate Developer Experiences

Contact Info

Product

Resources

About