Towards the Integration of Security Practices in the Software Implementation Process of ISO/IEC 29110: A Mapping

Sánchez‐Gordón, Mary; Colomo‐Palacios, Ricardo; Sánchez, Alex; Seco, Antonio de Amescua; Larrucea, Xabier

doi:10.1007/978-3-319-64218-5_1

Cited by 2 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our analysis reveals that some strategies have received more attention than others in the 14 reviewed studies. For example, a total of 7 articles address security throughout the Software Development Life Cycle (SDLC) via security practices [75], [76], [7], [73], [77], [78], [79]. This represents 10.1% of the total reviewed articles, indicating a relatively low proportion of studies focusing on addressing security comprehensively in all stages of the software development lifecycle.…”

Section: Discussionmentioning

confidence: 99%

“…Another benefit is the guarantee to reach a high level of quality and functionality of the software maximizing the added value to the software by the benefits of developing a robust software. Development Life Cycle (SDLC) through security practices [75], [76], [7], [73], [77], [78], [79]. This represents 10.1% of the total reviewed articles, indicating that there is a relatively low proportion of studies that focus on addressing security comprehensively in all stages of the software development cycle.…”

Section: Articlementioning

confidence: 99%

“…This methodology adopts aspects of software architecture, encourages the support of specialized tools, and can improve the ability of other SSDL methods to address cryptographic issues. 64 Towards the integration of security practices in the software implementation process of ISO/IEC 29110: A mapping [79] The objective of this study is to help raise awareness of the software security process among small business professionals and to assist in the integration of these practices with the ISO/IEC 29110 software implementation process, resulting in an extension of the latter with additional activities identified from industry best practices. 65 TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem [128] The purpose of this article is to address trust in the global software ecosystem (SECO) and its implications for society.…”

Section: N Article Citementioning

confidence: 99%

See 2 more Smart Citations

Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach

Valdés-Rodríguez,

Hochstetter-Diez,

Diéguez-Rebolledo

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Incorporating security into software development in small and medium-sized enterprises (SMEs) is an increasingly relevant challenge and a crucial necessity, especially in an uncertain and fast-paced environment like that of an agile setting. Given the growing threat of cyberattacks, it is imperative to address this issue. This article examines and subsequently analyzes existing strategies in the literature regarding secure software development in the context of SMEs employing agile methodologies. The study initiates a systematic literature review to identify strategies employed in this context. The findings reveal that 57.9% of the studies present strategies to tackle security in agile software development, with 20.2% specifically focusing on SMEs. Subsequently, practices demonstrating success in integrating security measures into the software development lifecycle (SDLC) are analyzed and categorized. The results underscore the necessity of addressing security in the agile environment, as it remains a significant challenge in software development. Effective approaches are also required for small businesses to ensure application protection and long-term sustainability.INDEX TERMS agile development; security practices; secure development; SMEs; sustainability

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Articlementioning

confidence: 99%

Section: N Article Citementioning

confidence: 99%

See 1 more Smart Citation

Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach

Valdés-Rodríguez,

Hochstetter-Diez,

Diéguez-Rebolledo

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…We have distributed and used these practices to build our assessment framework, which is presented in the next section. [3], [15], [16], [46], [47], [48], [49], [50], [51], [52], [53], [54], [55], [56], [57], [58], [59], [60], [42], [61], [62], [63], [64], [ Use a scheme to classify applications based on data confidentiality 3 [42], [60], [65] 6 Perform design and architecture security risk analysis 15 [58], [61], [65] , [66], [67], [68], [69], [70], [50], [71], [72], [73], [74], [75] 7…”

Section: B Secure Software Design Practicesmentioning

confidence: 99%

“…[56], [54], [67], [74], [76] 8 Security specification review 2 [67], [71] 9 Minimize software attack surface or access points 8 [3], [15], [45], [49], [57], [70], [75] 10 Identify and segregate trusted entities from untrusted entities 8 [3], [46], [55], [58], [67], [70], [71], [77] 11 18 Design security features using diagrams 2 [67], [68] 19 Consider security principles in design 14 [5], [16], [45], [49], [55], [56], [57], [61], [62], [65], [70], [72], [74], [79] 20 Minimize or eliminate unnecessary functionality 3 [67], [71], [ [16], [42], [49], [56], [64], [73], [77], [80]…”

Section: B Secure Software Design Practicesmentioning

confidence: 99%

A Maturity Model for Secure Software Design: A Multivocal Study

et al. 2020

View full text Add to dashboard Cite

Security is one of the most important software quality attributes. Software security is about designing and developing secure software that does not allow the integrity, confidentiality, and availability of its code, data, or service to be compromised. Organizations tend to consider security as an afterthought, and they continue to suffer from security risks. Developing secure software requires taking security into consideration in all phases of the Software Development Life Cycle (SDLC). Several approaches have been developed to improve software quality, such as Capability Maturity Model Integration (CMMI). However, software security issues have not been addressed in a proper manner and incorporating security practices into the SDLC remains a challenge. The objective of this paper is to develop a framework to improve the process of designing secure products in software development organizations. To achieve this objective, a Multivocal Literature Review (MLR) was conducted to identify the relevant studies in both the formal and grey literature. A total of 38 primary studies were identified, and available evidence was synthesized into 8 knowledge areas and 65 best practices to build a Secure Software Design Maturity Model (SSDMM). The framework was developed based on the structure of CMMI v2.0 and evaluated through case studies in real-world environments. The case study results indicate that SSDMM is useful in measuring the maturity level of an organization for the secure design phase of SDLC. SSDMM will assist organizations in evaluating and improving their software design security practices. It will also provide a foundation for researchers to develop new software security approaches.

show abstract

Towards the Integration of Security Practices in the Software Implementation Process of ISO/IEC 29110: A Mapping

Cited by 2 publications

References 11 publications

Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach

Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach

A Maturity Model for Secure Software Design: A Multivocal Study

Contact Info

Product

Resources

About