Systematic Literature Review on Security Risks and its Practices in Secure Software Development
Date
2022-01-05Metadata
Show full item recordAbstract
Security is one of the most critical aspects of software quality. Software security refers to the process of creating and developing software that assures the integrity, confidentiality, and availability of its code, data, and services. Software development organizations treat security as an afterthought issue, and as a result, they continue to face security threats. Incorporating security at any level of the Software Development Life Cycle (SDLC) has become an urgent requirement. Several methodologies, strategies, and models have been proposed and developed to address software security, but only a few of them give reliable evidence for creating secure software applications. Software security issues, on the other hand, have not been adequately addressed, and integrating security procedures into the SDLC remains a challenge. The major purpose of this paper is to learn about software security risks and practices so that secure software development methods can be better designed. A systematic literature review (SLR) was performed to classify important studies to achieve this goal. Based on the inclusion, exclusion, and quality assessment criteria, a total of 121 studies were chosen. This study identified 145 security risks and 424 best practices that help software development organizations to manage the security in each phase of the SDLC. To pursue secure SDLC, this study prescribed different security activities, which should be followed in each phase of the SDLC. Successful integration of these activities minimizing effort, time, and budget while delivering secure software applications. The findings of this study assist software development organizations in improving the security level of their software products and also enhancing their security efficiency. This will raise the developer's awareness of secure development practices as well.
Collections
- Accounting & Information Systems [537 items ]
Related items
Showing items related by title, author, creator and subject.
-
The 6th Annual Conference 2021 (Day1)
Aras, Bulent; Baabood, Abdullah; Dehghani, Hamid Reza; Abbasi, Fahimeh; Haghirian, Mehran; Sánchez, Victoria Silva; Yaghi, Mohammad; Abdelmoneium, Azza; Haieri-Yazdi, Asieh; Heiran-Nia, Javad; Bashir, Fadlh; Ferreyra, Matías; Al-Mohannadi, Fatma Hilal; Foyth, Joel... more authors ... less authors ( Gulf Studies center - College of Arts & Sciences - Qatar University , 2021 , Video)Session 1: Frameworks and Approaches to the Regional Security System in the Gulf - Session 2: Non-Conventional Security Aspects in the Gulf: Towards a Comprehensive Security - Session 3: Roles and Policies of the GCC States ... -
The 6th Annual Conference 2021 (Day2)
Parmeter, Ian; Bukhari, Asiya; Owen Jones, Marc; Bijan, Aref; Ghurab, Salem; Hatef, Kamyar; Jaferi, Maryam; Altiok, Huzeyfe; Baycar, Hamdullah... more authors ... less authors ( Gulf Studies center - College of Arts & Sciences - Qatar University , 2021 , Video)Session 4: Cyber Security in the Gulf - Session 5: External Actors and Case Studies -
Software-defined networking security: Pros and cons
Dabbagh, Mehiar; Hamdaoui, Bechir; Guizani, Mohsen; Rayes, Ammar ( Institute of Electrical and Electronics Engineers Inc. , 2015 , Article)Software-defined networking (SDN) is a new networking paradigm that decouples the forwarding and control planes, traditionally coupled with one another, while adopting a logically centralized architecture aiming to increase ...