E-resources
Peer reviewed
Open access
Khan, Rafiq Ahmad; Akbar, Muhammad Azeem; Rafi, Saima; Almagrabi, Alaa Omran; Alzahrani, Musaad
Journal of software : evolution and process, 20/May, Volume: 36, Issue: 5
Journal Article
Technological advancement makes the world a global village. Security is an evergreen and everlasting area, because of the continuous threat from Hackers and Crackers. The immense use of software systems has modernized human society in every aspect. Thus, it is crucial to devise new processes, techniques, and tools to support teams in the development of secure code from the early stages of the software development process, while potentially reducing the costs and shortening the time to market. Considering the significance of software security, it is important to consider the security practices from the early phase of the software development life cycle (SDLC), that is, requirements engineering (RE). Hence, this study aims to identify and categorize RE practices important to apply for secure software development (SSD) in a geographically distributed development environment. To study the RE practices concerning SSD, we conducted a questionnaire survey with industrial experts in the global software development (GSD) context. Furthermore, the interpretive structure modeling (ISM) approach was applied to evaluate the relationship between the RE security practice core categories. This paper identifies 70 practices and classifies them into 11 fundamental dimensions (categories) to assist GSD organizations in specifying the requirements for SSD. The ISM results show that the “Awareness of Secure Requirement Engineering (SRE)” category has the most decisive influence on the other 10 core categories of the identified RE security practices. With the help of empirical evidence and the ISM approach, this work attempts to identify potential security practices and to give a set of secure RE practices that can be used to improve the security of the software development process.

Figure: Leveling of SRE Practices Categories.