Systematic Literature Review on Security Risks and its Practices in Secure Software Development

Khan, Rafiq Ahmad; Khan, Siffat Ullah; Khan, Habib Ullah; Ilyas, Muhammad

doi:10.1109/access.2022.3140181

Cited by 50 publications

(61 citation statements)

References 108 publications

(251 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Step 1: To investigate SRE strategies to help GSD organizations and practitioners manage SSD RE operations. Thereby, we performed a systematic literature review (SLR) approach and the preliminary findings of our published prior work [4].…”

Section: Methodsmentioning

confidence: 99%

“…Step 2: A questionnaire survey to verify and validate the categorization of security best practices of RE for GSD as identified through SLR [4].…”

Section: Methodsmentioning

confidence: 99%

“…Large corporations have lost millions of dollars due to security breaches, and this cost is rising [18]. According to Khan et al [4], early security requirements analysis can cut software development and maintenance costs by 12-21%. Previous studies by academia, industry, and standards groups have proposed solutions to these issues [7,19].…”

Section: Background and Related Workmentioning

confidence: 99%

“…Integrating security into the software engineering paradigm is essential to secure the software development life cycle from its early stages [4]. Therefore, many researchers have considered security from the outset of software development, starting with requirement engineering (RE) [5].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Evaluation of Requirement Engineering Best Practices for Secure Software Development in GSD: An ISM Analysis

Khan

Akbar

Rafi

et al. 2023

Preprint

View full text Add to dashboard Cite

Technological advancement makes the world a global village. The immense use of software systems has modernized human society in every aspect. Thus, the security parameter is an important element that needs to be considered while developing software systems. Considering the significance of software security, it is important to consider the security practices from the early phase of the software development life cycle (SDLC), i.e., requirements engineering (RE). Hence, this study aims to identify and categorize RE practices important to apply for secure software development (SSD) in a geographically distributed development environment. To study the RE practices concerning SSD, we conducted a questionnaire survey with industrial experts in the global software development (GSD) context. Furthermore, the interpretive structure modeling (ISM) approach was applied to evaluate the relationship between the RE security practice core categories. This paper identifies 70 practices and classifies them into 11 fundamental dimensions (categories) to assist GSD organizations in specifying the requirements for SSD. The ISM results show the “Awareness of Secure Requirement Engineering (SRE)” category has the most decisive influence on the other ten core categories of the identified RE security practices. With the help of empirical evidence and the ISM approach, this work attempts to identify potential security practices and to give a set of secure RE practices that can be used to improve the security of the software development process.

show abstract

Section: Methodsmentioning

confidence: 99%

“…Step 2: A questionnaire survey to verify and validate the categorization of security best practices of RE for GSD as identified through SLR [4].…”

Section: Methodsmentioning

confidence: 99%

Section: Background and Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Evaluation of Requirement Engineering Best Practices for Secure Software Development in GSD: An ISM Analysis

Khan

Akbar

Rafi

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Every day, hackers and cybercriminals are coming up with new methods to take advantage of software flaws. Security should be a priority throughout the SDLC, allowing developers and stakeholders to identify and resolve possible security concerns early on in the process [11,12]. Therefore, it is necessary to adopt the concept of SSDLC, as shown in Figure 1.…”

Section: Software Security Verificationmentioning

confidence: 99%

Improving the Safety and Security of Software Systems by Mediating SAP Verification

Almufareh

Humayun

2023

Applied Sciences

View full text Add to dashboard Cite

Security and performance (SAP) are two critical NFRs that affect the successful completion of software projects. Organizations need to follow the practices that are vital to SAP verification. These practices must be incorporated into the software development process to identify SAP-related defects and avoid failures after deployment. This can only be achieved if organizations are fully aware of SAP verification activities and appropriately include them in the software development process. However, there is a lack of awareness of the factors that influence SAP verification, which makes it difficult for businesses to improve their verification efforts and ensure that the released software meets these requirements. To fill this gap, this research study aimed to identify the mediating factors (MFs) influencing SAP verification and the actions to promote them. Ten MFs and their corresponding actions were identified after thoroughly reviewing the existing literature. The mapping of MFs and their corresponding actions were initially evaluated with the help of a pilot study. Mathematical modeling was utilized to model these MFs and examine each MF’s unique effect on software SAP verification. In addition, two case studies with a small- and a medium-sized organization were used to better understand the function these MFs play in the process of SAP verification. The research findings suggested that MFs assist software development organizations in their efforts to integrate SAP verification procedures into their standard software systems. Further investigation is required to support the understanding of these MFs when building modern software systems.

show abstract

Security risks of global software development life cycle: Industry practitioner's perspective

Khan

Akbar

et al. 2022

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

Software security has become increasingly important because the malicious attack and other hacker risks of a computer system have grown popularity in the last few years. As a result, several researchers have examined security solutions as early as the requirement engineering phase. With the growth of the software business and the internet, there is a need to understand the security risks against each phase of the software development life cycle (SDLC). This study aims to empirically investigate and prioritize the risks that could negatively impact the software security aspects of SDLC in the context of global software development (GSD). To achieve the study objectives, we conducted an industrial empirical study to determine the impact of software security threats against each phase of SDLC. Furthermore, the fuzzy analytical hierarchy process (FAHP) was used to prioritize the list of software security risks against the SDLC. The results and analysis of this study provide a ranked‐based decision‐making framework, which assists the practitioners in considering the most critical security risks on priority. The results show “improper plan for secure requirement identification, inception, authentication, authorization, and privacy,” “lack of threat models updating,” “lack of output validation,” “lack of certification in the final release and archive,” and “spoofing” as the top‐ranked security risks of SDLC in GSD. In addition, the application of FAHP is novel in this domain as it is helpful to address multicriteria decision‐making problems.

show abstract

Systematic Literature Review on Security Risks and its Practices in Secure Software Development

Cited by 50 publications

References 108 publications

Evaluation of Requirement Engineering Best Practices for Secure Software Development in GSD: An ISM Analysis

Evaluation of Requirement Engineering Best Practices for Secure Software Development in GSD: An ISM Analysis

Improving the Safety and Security of Software Systems by Mediating SAP Verification

Security risks of global software development life cycle: Industry practitioner's perspective

Contact Info

Product

Resources

About