<i>'Think secure from the beginning'</i>

Assal, Hala; Chiasson, Sonia

doi:10.1145/3290605.3300519

Cited by 74 publications

(25 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, they do not address the issue of the development of systems that meet privacy and security requirements [53]. Additionally, Assal and Chiasson [54] indicated that security guidelines do not exist or are not mandated by the companies or that developers might lack the ability or proper expertise to identify vulnerabilities despite having general security knowledge. Our reviewed studies, including S3 [12], S4 [32], S12 [9], and S20 [39], have pointed out a general lack of security guidelines for developing secure mHealth apps.…”

Section: C1: Lack Of Security Guidelines and Regulations For Developing Secure Mhealth Appsmentioning

confidence: 99%

Challenges With Developing Secure Mobile Health Applications: Systematic Review

Aljedaani¹,

Babar²

2021

JMIR Mhealth Uhealth

View full text Add to dashboard Cite

Background Mobile health (mHealth) apps have gained significant popularity over the last few years due to their tremendous benefits, such as lowering health care costs and increasing patient awareness. However, the sensitivity of health care data makes the security of mHealth apps a serious concern. Poor security practices and lack of security knowledge on the developers’ side can cause several vulnerabilities in mHealth apps. Objective In this review paper, we aimed to identify and analyze the reported challenges concerning security that developers of mHealth apps face. Additionally, our study aimed to develop a conceptual framework with the challenges for developing secure apps faced by mHealth app development organizations. The knowledge of such challenges can help to reduce the risk of developing insecure mHealth apps. Methods We followed the systematic literature review method for this review. We selected studies that were published between January 2008 and October 2020 since the major app stores launched in 2008. We selected 32 primary studies using predefined criteria and used a thematic analysis method for analyzing the extracted data. Results Of the 1867 articles obtained, 32 were included in this review based on the predefined criteria. We identified 9 challenges that can affect the development of secure mHealth apps. These challenges include lack of security guidelines and regulations for developing secure mHealth apps (20/32, 63%), developers’ lack of knowledge and expertise for secure mHealth app development (18/32, 56%), lack of stakeholders’ involvement during mHealth app development (6/32, 19%), no/little developer attention towards the security of mHealth apps (5/32, 16%), lack of resources for developing a secure mHealth app (4/32, 13%), project constraints during the mHealth app development process (4/32, 13%), lack of security testing during mHealth app development (4/32, 13%), developers’ lack of motivation and ethical considerations (3/32, 9%), and lack of security experts’ engagement during mHealth app development (2/32, 6%). Based on our analysis, we have presented a conceptual framework that highlights the correlation between the identified challenges. Conclusions While mHealth app development organizations might overlook security, we conclude that our findings can help them to identify the weaknesses and improve their security practices. Similarly, mHealth app developers can identify the challenges they face to develop mHealth apps that do not pose security risks for users. Our review is a step towards providing insights into the development of secure mHealth apps. Our proposed conceptual framework can act as a practice guideline for practitioners to enhance secure mHealth app development.

show abstract

Section: C1: Lack Of Security Guidelines and Regulations For Developing Secure Mhealth Appsmentioning

confidence: 99%

Challenges With Developing Secure Mobile Health Applications: Systematic Review

Aljedaani¹,

Babar²

2021

JMIR Mhealth Uhealth

View full text Add to dashboard Cite

show abstract

“…It has also been observed that several factors including dependability, trustworthiness, and human trust have been ignored which also play a key role for longer security during the software development process. Further, security-and durability-related literature are discussed as follows: In 2019, H. Assal and S. Chiasson have presented a survey report and discussed the security strategies for prediction of life span for security services [24]. Development companies are trying to develop secure and durable services as per the users' needs and market values.…”

Section: Literature Reviewmentioning

confidence: 99%

Measuring Security Durability of Software through Fuzzy-Based Decision-Making Process

Kumar¹,

Zarour²,

Alenezi³

et al. 2019

IJCIS

114

View full text Add to dashboard Cite

It is critical to develop secure software with long-term performance and capability to withstand and forestall the growing competition in the software development industry. To enhance the potential of Confidentiality, Integrity, and Availability (CIA), a mechanism is required to built in and secure the durability at the time of software development. Security of a software product is durable if the software works efficiently for user's satisfaction up to the expected duration. Despite the fact that focusing on security which is durable enough considerably reduces maintenance cost, the work done on addressing security as well as durability issues simultaneously during software development remains minimal. To achieve durable security, there is a need to fill the gap between security and durability through identifying and establishing a relationship between security and durability attributes. This article extends the concept of the life span of security services and assesses as well as prioritizes security durability attributes by taking a real-time case study. While building durable security, security experts often face complicated decision problems. Hence, multi-criteria decision-making techniques have been used to solve the issues of measuring conflicting tangible/intangible criteria. In addition, the fuzzy simple average method is used for finding out the rating of security durability attributes. The work has been demonstrated by taking a case study. The results of the study would be useful for security developers to assure the importance of attributes for improving the duration of security.

show abstract

“…Additionally, the company's culture, resource availability and security-incidents directly impact the adoption of security practices. In another study, Assal et al [9], explored how developers influence and get influenced by organizational processes. They found that the organization process needs better structure to support the developers.…”

Section: Secure Software Developmentmentioning

confidence: 99%

Secure Software Engineering in the Financial Services: A Practitioners' Perspective

Arora¹,

Vargas²,

Aniche³

et al. 2021

Preprint

View full text Add to dashboard Cite

Secure software engineering is a fundamental activity in modern software development. However, while the field of security research has been advancing quite fast, in practice, there is still a vast knowledge gap between the security experts and the software development teams. After all, we cannot expect developers and other software practitioners to be security experts. Understanding how software development teams incorporate security in their processes and the challenges they face is a step towards reducing this gap. In this paper, we study how financial services companies ensure the security of their software systems. To that aim, we performed a qualitative study based on semi-structured interviews with 16 software practitioners from 11 different financial companies in three continents. Our results shed light on the security considerations that practitioners take during the different phases of their software development processes, the different security practices that software teams make use of to ensure the security of their software systems, the improvements that practitioners perceive as important in existing state-of-the-practice security tools, the different knowledge-sharing and learning practices that developers use to learn more about software security, and the challenges that software practitioners currently face when it comes to secure their systems.

show abstract

'Think secure from the beginning'

Cited by 74 publications

References 39 publications

Challenges With Developing Secure Mobile Health Applications: Systematic Review

Challenges With Developing Secure Mobile Health Applications: Systematic Review

Measuring Security Durability of Software through Fuzzy-Based Decision-Making Process

Secure Software Engineering in the Financial Services: A Practitioners' Perspective

Contact Info

Product

Resources

About