Litcius/Paper detail

Security risks of global software development life cycle: Industry practitioner's perspective

Rafiq Ahmad Khan, Siffat Ullah Khan, Muhammad Azeem Akbar, Musaad Alzahrani

2022Journal of Software Evolution and Process26 citationsDOIOpen Access PDF

Abstract

Abstract Software security has become increasingly important because the malicious attack and other hacker risks of a computer system have grown popularity in the last few years. As a result, several researchers have examined security solutions as early as the requirement engineering phase. With the growth of the software business and the internet, there is a need to understand the security risks against each phase of the software development life cycle (SDLC). This study aims to empirically investigate and prioritize the risks that could negatively impact the software security aspects of SDLC in the context of global software development (GSD). To achieve the study objectives, we conducted an industrial empirical study to determine the impact of software security threats against each phase of SDLC. Furthermore, the fuzzy analytical hierarchy process (FAHP) was used to prioritize the list of software security risks against the SDLC. The results and analysis of this study provide a ranked‐based decision‐making framework, which assists the practitioners in considering the most critical security risks on priority. The results show “improper plan for secure requirement identification, inception, authentication, authorization, and privacy,” “lack of threat models updating,” “lack of output validation,” “lack of certification in the final release and archive,” and “spoofing” as the top‐ranked security risks of SDLC in GSD. In addition, the application of FAHP is novel in this domain as it is helpful to address multicriteria decision‐making problems.

Topics & Concepts

Systems development life cycleComputer securityComputer scienceSoftware developmentSoftware development processRisk analysis (engineering)Secure codingSoftware security assuranceInformation securityProcess managementSoftwareEngineeringBusinessSecurity serviceProgramming languageSoftware Engineering Techniques and PracticesSoftware Engineering ResearchInformation and Cyber Security
Security risks of global software development life cycle: Industry practitioner's perspective | Litcius