Open Access

REVIEW

Review of Techniques for Integrating Security in Software Development Lifecycle

by Hassan Saeed¹, Imran Shafi¹, Jamil Ahmad², Adnan Ahmed Khan³, Tahir Khurshaid^4,*, Imran Ashraf^5,*

1 College of Electrical and Mechanical Engineering, National University of Sciences and Technology (NUST), Rawalpindi, 46604, Pakistan
2 Department of Computer Science, Abasyn University Islamabad Campus, Islamabad, 45510, Pakistan
3 Military College of Signals, National University of Sciences and Technology (NUST), Rawalpindi, 46600, Pakistan
4 Department of Electrical Engineering, Yeungnam University, Gyeongsan, 38541, Republic of Korea
5 Department of Information and Communication Engineering, Yeungnam University, Gyeongsan, 38541, Republic of Korea

* Corresponding Authors: Tahir Khurshaid. Email: ; Imran Ashraf. Email:

Computers, Materials & Continua 2025, 82(1), 139-172. https://doi.org/10.32604/cmc.2024.057587

Received 21 August 2024; Accepted 05 December 2024; Issue published 03 January 2025

Abstract

Software-related security aspects are a growing and legitimate concern, especially with 5G data available just at our palms. To conduct research in this field, periodic comparative analysis is needed with the new techniques coming up rapidly. The purpose of this study is to review the recent developments in the field of security integration in the software development lifecycle (SDLC) by analyzing the articles published in the last two decades and to propose a way forward. This review follows Kitchenham’s review protocol. The review has been divided into three main stages including planning, execution, and analysis. From the selected 100 articles, it becomes evident that need of a collaborative approach is necessary for addressing critical software security risks (CSSRs) through effective risk management/estimation techniques. Quantifying risks using a numeric scale enables a comprehensive understanding of their severity, facilitating focused resource allocation and mitigation efforts. Through a comprehensive understanding of potential vulnerabilities and proactive mitigation efforts facilitated by protection poker, organizations can prioritize resources effectively to ensure the successful outcome of projects and initiatives in today’s dynamic threat landscape. The review reveals that threat analysis and security testing are needed to develop automated tools for the future. Accurate estimation of effort required to prioritize potential security risks is a big challenge in software security. The accuracy of effort estimation can be further improved by exploring new techniques, particularly those involving deep learning. It is also imperative to validate these effort estimation methods to ensure all potential security threats are addressed. Another challenge is selecting the right model for each specific security threat. To achieve a comprehensive evaluation, researchers should use well-known benchmark checklists.

---

Keywords

---