Risk Centric Activities in Secure Software Development in Public Organisations

2017 ◽  
Vol 8 (4) ◽  
pp. 1-30 ◽  
Author(s):  
Inger Anne Tøndel ◽  
Martin Gilje Jaatun ◽  
Daniela Soares Cruzes ◽  
Nils Brede Moe
Keyword(s):  
Software Development ◽  
Software Security ◽  
Development Projects ◽  
Security Risks ◽  
Security Issues ◽  
Security Practices ◽  
Secure Software Development ◽  
Public Organisations ◽  
Stakeholder Cooperation

When working with software security in a risk-centric way, development projects become equipped to make decisions on how much security to include and what type of security pays off. This article presents the results of a study made among 23 public organisations, mapping their risk-centric activities and practices, and challenges for implementing them. The authors found that their software security practices were not based on an assessment of software security risks, but rather driven by compliance. Additionally, their practices could in many cases be characterised as arbitrary, late and error driven, with limited follow up on any security issues throughout their software development projects. Based on the results of the study, the authors identified the need for improvements in three main areas: responsibilities and stakeholder cooperation; risk perception and competence; and, practical ways of doing risk analysis in agile projects.

A Systematic Review and Catalog of Security Metric during the Secure Software Development Life Cycle

2020 ◽  
Vol 13 ◽  
Author(s):  
Sampada G.C ◽  
Tende Ivo Sake ◽  
Amrita
Keyword(s):  
Systematic Review ◽  
Life Cycle ◽  
Software Development ◽  
Software Security ◽  
Security Assessment ◽  
Security Metrics ◽  
Development Life Cycle ◽  
Development Processes ◽  
Secure Software Development ◽  
Software Development Life Cycle

Background: With the advancement in the field of software development, software poses threats and risks to customers’ data and privacy. Most of these threats are persistent because security is mostly considered as a feature or a non-functional requirement, not taken into account during the software development life cycle (SDLC). Introduction: In order to evaluate the security performance of a software system, it is necessary to integrate the security metrics during the SDLC. The appropriate security metrics adopted for each phase of SDLC aids in defining the security goals and objectives of the software as well as quantify the security in the software. Methods: This paper presents systematic review and catalog of security metrics that can be adopted during the distinguishable phases of SDLC, security metrics for vulnerability and risk assessment reported in the literature for secure development of software. The practices of these metrics enable software security experts to improve the security characteristics of the software being developed. The critical analysis of security metrics of each phase and their comparison are also discussed. Results: Security metrics obtained during the development processes help to improve the confidentiality, integrity, and availability of software. Hence, it is imperative to consider security during the development of the software, which can be done with the use of software security metrics. Conclusion: This paper reviews the various security metrics that are meditated in the copious phases during the progression of the SDLC in order to provide researchers and practitioners with substantial knowledge for adaptation and further security assessment.

A Survey on Secure Software Development Lifecycles

2014 ◽  
pp. 17-33
Author(s):  
José Fonseca ◽  
Marco Vieira
Keyword(s):  
Software Development ◽  
Software Security ◽  
Software Products ◽  
Development Lifecycle ◽  
Software Product ◽  
Secure Software ◽  
Secure Software Development ◽  
Software Development Practices ◽  
Complete Solutions ◽  
The Web

This chapter presents a survey on the most relevant software development practices that are used nowadays to build software products for the web, with security built in. It starts by presenting three of the most relevant Secure Software Development Lifecycles, which are complete solutions that can be adopted by development companies: the CLASP, the Microsoft Secure Development Lifecycle, and the Software Security Touchpoints. However it is not always feasible to change ongoing projects or replace the methodology in place. So, this chapter also discusses other relevant initiatives that can be integrated into existing development practices, which can be used to build and maintain safer software products: the OpenSAMM, the BSIMM, the SAFECode, and the Securosis. The main features of these security development proposals are also compared according to their highlights and the goals of the target software product.

scholarly journals Secure Software Development Techniques and Challenges in their Practical Application

2020 ◽  
Author(s):  
Sun Jun Ee ◽  
Yi Hong Tong ◽  
Ahmed Ifrah Ibrahim ◽  
F Zahra
Keyword(s):  
Software Development ◽  
Development Environment ◽  
Software Companies ◽  
Development Framework ◽  
Security Practices ◽  
Secure Software ◽  
User Data ◽  
Secure Software Development ◽  
Software Development Practices ◽  
Software Development Techniques

The main focus of this paper is to analyze and discuss the secure software development practices currently being adopted in the industry along with their significance, as well as to identify the challenges faced by developers when undertaking measures and techniques in writing secure software. It is a well-known fact that software security has been the top priority of many software companies such as Google and Facebook to thwart attackers and protect user data in this world full of cybercriminals. Understanding how most software companies in the industry operate to ensure security helps developers to identify strengths and weaknesses in their current security frameworks. Hence, by researching into previous literature and papers that are relevant to the topic and by conducting an interview with a professional in the field, this paper provides insights on the most popular secure software development framework and practices in the world as well as problems faced by companies when adopting these practices. Several security practices and activities that are required to create secure software are discovered alongside the problems that arise when companies are trying to apply these practices. This paper also proposes a few solutions that can be used to resolve these problems, which can be easily understood and implemented by software companies to transition into a truly secure software development environment.

A Survey on Secure Software Development Lifecycles

2013 ◽  
pp. 57-73 ◽  
Author(s):  
José Fonseca ◽  
Marco Vieira
Keyword(s):  
Software Development ◽  
Software Security ◽  
Software Products ◽  
Development Lifecycle ◽  
Software Product ◽  
Secure Software ◽  
Secure Software Development ◽  
Software Development Practices ◽  
Complete Solutions ◽  
The Web

This chapter presents a survey on the most relevant software development practices that are used nowadays to build software products for the web, with security built in. It starts by presenting three of the most relevant Secure Software Development Lifecycles, which are complete solutions that can be adopted by development companies: the CLASP, the Microsoft Secure Development Lifecycle, and the Software Security Touchpoints. However it is not always feasible to change ongoing projects or replace the methodology in place. So, this chapter also discusses other relevant initiatives that can be integrated into existing development practices, which can be used to build and maintain safer software products: the OpenSAMM, the BSIMM, the SAFECode, and the Securosis. The main features of these security development proposals are also compared according to their highlights and the goals of the target software product.

scholarly journals A Case-based Management System for Secure Software Development Using Software Security Knowledge

2015 ◽  
Vol 60 ◽  
pp. 1092-1100 ◽  
Author(s):  
Masahito Saito ◽  
Atsuo Hazeyama ◽  
Nobukazu Yoshioka ◽  
Takanori Kobashi ◽  
Hironori Washizaki ◽  
...  
Keyword(s):  
Software Development ◽  
Management System ◽  
Software Security ◽  
Secure Software ◽  
Secure Software Development ◽  
Case Based

Challenges and Solutions for Addressing Software Security in Agile Software Development

2018 ◽  
Vol 9 (1) ◽  
pp. 1-17
Author(s):  
Ronald Jabangwe ◽  
Kati Kuusinen ◽  
Klaus R Riisom ◽  
Martin S Hubel ◽  
Hasan M Alradhi ◽  
...  
Keyword(s):  
Software Development ◽  
Software Security ◽  
Agile Software Development ◽  
Functional Requirements ◽  
Process Dynamics ◽  
Relevance Assessment ◽  
Security Practices ◽  
Development Context ◽  
Development Processes ◽  
Agile Software

There has been a surge in the number of software security threats and vulnerabilities in recent times. At the same time, expectations towards software and data security are growing. Thus, there is a need to ensure that security-related tasks are effectively integrated in the software development processes. However, integrating security practices with agile software development is not trivial due to, for instance, differences in process dynamics and the concentration on functional vs non-functional requirements. In this article, the authors present a literature review on the challenges and solutions when adopting security in an agile software development context. Their findings suggest that there are ongoing efforts to integrate security-practices in agile methods, but more research is needed to make the processes more optimized and simpler for developers. A rigor and relevance assessment on primary studies highlights a need for improving the manner in which studies on the topic are performed as well as reported.

Sign in / Sign up

Export Citation Format

Share Document