Submit

Login Login

Register Register

Home / Journals / CMC / Online First / doi:10.32604/cmc.2024.057587
Journal Menu
Special Issues
Table of Content

All issues

Online First

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Open Access

REVIEW

Review of Techniques for Integrating Security in Software Development Lifecycle

Hassan Saeed1, Imran Shafi1, Jamil Ahmad2, Adnan Ahmed Khan3, Tahir Khurshaid4,*, Imran Ashraf5,*
1 College of Electrical and Mechanical Engineering, National University of Sciences and Technology (NUST), Rawalpindi, 46604, Pakistan
2 Department of Computer Science, Abasyn University Islamabad Campus, Islamabad, 45510, Pakistan
3 Military College of Signals, National University of Sciences and Technology (NUST), Rawalpindi, 46600, Pakistan
4 Department of Electrical Engineering, Yeungnam University, Gyeongsan, 38541, Republic of Korea
5 Department of Information and Communication Engineering, Yeungnam University, Gyeongsan, 38541, Republic of Korea
* Corresponding Author: Tahir Khurshaid. Email: email; Imran Ashraf. Email: email

Computers, Materials & Continua https://doi.org/10.32604/cmc.2024.057587

Received 21 August 2024; Accepted 05 December 2024; Published online 19 December 2024

Abstract

Software-related security aspects are a growing and legitimate concern, especially with 5G data available just at our palms. To conduct research in this field, periodic comparative analysis is needed with the new techniques coming up rapidly. The purpose of this study is to review the recent developments in the field of security integration in the software development lifecycle (SDLC) by analyzing the articles published in the last two decades and to propose a way forward. This review follows Kitchenham’s review protocol. The review has been divided into three main stages including planning, execution, and analysis. From the selected 100 articles, it becomes evident that need of a collaborative approach is necessary for addressing critical software security risks (CSSRs) through effective risk management/estimation techniques. Quantifying risks using a numeric scale enables a comprehensive understanding of their severity, facilitating focused resource allocation and mitigation efforts. Through a comprehensive understanding of potential vulnerabilities and proactive mitigation efforts facilitated by protection poker, organizations can prioritize resources effectively to ensure the successful outcome of projects and initiatives in today’s dynamic threat landscape. The review reveals that threat analysis and security testing are needed to develop automated tools for the future. Accurate estimation of effort required to prioritize potential security risks is a big challenge in software security. The accuracy of effort estimation can be further improved by exploring new techniques, particularly those involving deep learning. It is also imperative to validate these effort estimation methods to ensure all potential security threats are addressed. Another challenge is selecting the right model for each specific security threat. To achieve a comprehensive evaluation, researchers should use well-known benchmark checklists.

Keywords

Software development lifecycle; systematic literature review; critical software security risks; national institute of standards and technology; DevSecOps; open web application security project; McGraw’s touch points

  • 46

    View

  • 13

    Download

  • 0

    Like

Related articles
Copyright© 2024 Tech Science Press
© 1997-2024 TSP (Henderson, USA) unless otherwise stated

Share Link