Details

Autor(en) / Beteiligte

• Mohammed, Nabil M.
• Niazi, Mahmood
• Alshayeb, Mohammad
• Mahmood, Sajjad

Titel

Exploring software security approaches in software development lifecycle: A systematic mapping study

Ist Teil von

• Computer standards and interfaces, 2017-02, Vol.50, p.107-115

Ort / Verlag

Amsterdam: Elsevier B.V

Erscheinungsjahr

2017

Link zum Volltext

Quelle

Alma/SFX Local Collection

Beschreibungen/Notizen

• There is an increase use of security driven approaches to support software development activities, such as requirements, design and implementation. The objective of this paper is to identify the existing software security approaches used in the software development lifecycle (SDLC). In order to meet our goal, we conducted a systematic mapping study to identify the primary studies on the use of software security techniques in SDLC. In total, we selected and categorized 118 primary studies. After analyzing the selected studies, we identified 52 security approaches and we categorized them in to five main categories, namely, ‘secure requirements modeling’, ‘vulnerability identification, adaption and mitigation’, ‘software security focused process’, ‘extended UML-based secure modeling profiles’, ‘non UML-based secure modeling notations’. The results show that the most frequently used approaches are static analysis and dynamic analysis that provide security checks in the coding phase. In addition, our results show that many studies in this review considered security checks around the coding stage of software development. This work will assist software development organizations in better understanding the existing software security approaches used in the software development lifecycle. It can also provide researchers with a firm basis on which to develop new software security approaches. •The objective is to identify the existing software security approaches used in the software development lifecycle.•We have conducted a systematic mapping study to identify the primary studies on the use of software security techniques.•We selected and categorized 118 primary studies.•We identified 52 security approaches and we categorized them in to five main categories.•The results show that the most frequently used approaches are static analysis and dynamic analysis.•Our results show that many studies considered security checks around the coding stage of software development.•This work will assist software development organizations in better understanding the existing software security approaches.