Abstract: Evidence from data breach reports shows that many competent software development teams still do not implement secure, privacy-preserving software, even though techniques to do so are now well-known. A major factor causing this is simply a lack of priority and resources for security, as decided by product managers. So, how can we help developers and product managers to work together to achieve appropriate decisions on security and privacy issues? This paper explores using structured workshops to support teams o…
“…the authors in [30] explain that the primary reason why software development teams do not implement security is due to a lack of knowledge and experience in different types of vulnerabilities. This is supported by the authors in [31], who point out that datamany competent software development teams still do not implement secure, privacy-preserving software, even though techniques to do so are now well-known. The major cause of this is lack of priority and resources for security.…”
Section: Sources Of Software Quality and Security Issues (mentioning)
Software security is one of the most critical concerns in modern software development, especially in safety-critical systems whose failure can lead to environmental damage, substantial property, or loss of human lives. In addition, flawed applications have been shown to exhibit unpredictable behavior while software products with numerous vulnerabilities present attack vectors that can be exploited by attackers. To address some of these problems, vulnerability prediction has been deployed for early detection of security risks in the software development lifecycle (SDLC). This can potentially facilitate decision making during the SDLC, resulting in the production of more secure software. Prioritizing security during SDLC permits developers and stakeholders to identify and resolve possible security concerns early on in the process. The aim of this paper is therefore to offer some in-depth review of software systems security issues. In addition, the various measures that have been put in place to mitigate security issues during SDLC are discussed.
“…Security concerns are not implemented by software engineers as a continuous process in early software development; they are valued at the end of software development (Humayun et al, 2023; Nazir & Nazir, 2018). According to the research "Veracode, 2018," software developers aren't paying enough attention to security issues; therefore, all applications are vulnerable to threats (Weir et al, 2022). The majority of software engineers initially do not care about security concerns. Yet, the software engineers are gradually realizing that security for requirements engineering is essential for software development (Weir et al, 2021; Weir et al, 2022).…”
Section: Literature Review (mentioning)
“…According to the research "Veracode, 2018," software developers aren't paying enough attention to security issues; therefore, all applications are vulnerable to threats (Weir et al, 2022). The majority of software engineers initially do not care about security concerns. Yet, the software engineers are gradually realizing that security for requirements engineering is essential for software development (Weir et al, 2021; Weir et al, 2022). According to a recent study, many software development procedures do not clearly contain methods for integrating software security from the early stages of software development (Khan & Khan, 2018b).…”
Security awareness is crucial at every stage of the software development life cycle. Studies emphasize the importance of addressing security requirements (SR) early in the requirement engineering phase to effectively mitigate security issues. However, the software development team (SDT) currently lacks sufficient awareness regarding the security requirements assurance (SRA) for mitigating security issues in secure software development. The objective of this study is to assess the (SDT) security knowledge in early software development. A survey was distributed, questions were based on (SR) within the context of security requirement engineering (SRE). A total of 58 responded to the survey. The results indicate that the (SDT) demonstrates a satisfactory level of knowledge regarding security (KOS), security requirements elicitation and analysis (SREA), and approaches within the domain of SRE. However, the results pertaining to security requirement assurance (SRA) were found unsatisfactory. Descriptive statistics were employed to analyse the mean scores of KOS=3.79, SRE=3.61, SREA=3.67, and SRA=2.71. SRE presented the strong Pearson correlation with SREA=.596**. Also, regression coefficient produces positive outcome with (SRA) and (SREA). Though, software development teams need to collaborate with the researcher to enhance the awareness about security requirement assurance during the secure development process.