Secure Coding and Software Vulnerabilities in Implementation Phase of Software Development

Abstract: The methodology in software development has shifted from waterfall to agile, which has earned appreciation as cost-effective development due to its speedy software delivery, under limited time constraints. At the same time, cyber attacks have become more surreptitious that are pretending threats to software. Security elements and practices in software development phases eliminate software vulnerabilities. Vulnerabilities happen in the software due to the unavailability of security practices during the levels … Show more

“…According to S. Pooja [1], which is based on an analysis of The National Vulnerability Database (NVD) (USA), over the past three years, the number of digital code vulnerabilities has increased by 26.6% (2019 -17.3 thousand records / 2021 -21.9 thousand records), data from M. Fu [2] points to the rapid growth of software code vulnerabilities -in 5 times during the last decade, J. Zhou [3] points out that about 64% of the core software of the banks of the global financial community have digital code vulnerabilities, which according to 2021 is estimated in the losses from cybercrime of $ 6 trillion. Analysis of the data presented in the aforementioned publications, as well as in other relevant publications on the specified research vector [4][5][6][7][8][9][10][11][12][13], allows us to come to the following conclusion: 90% of software vulnerabilities are caused by the violations and defects in the source code, 21% of incidents involving loss of confidential data are caused by vulnerabilities in the digital code of software products used, every third software application being implemented and used at present has a digital code body, and in 1000 lines of software code it is revealed up to 60 % of the vulnerabilities. Consequently, due to the presence of such a system error, which tends to multiply significantly, the need to find and develop adequate solutions that will significantly improve information and cyber-digital security, as well as to secure critical infrastructure objects operating under the control of cyber-physical systems, becomes urgent.…”

Secure Change Management Process: On the Effectiveness of DevSecOps

“…According to S. Pooja [1], which is based on an analysis of The National Vulnerability Database (NVD) (USA), over the past three years, the number of digital code vulnerabilities has increased by 26.6% (2019 -17.3 thousand records / 2021 -21.9 thousand records), data from M. Fu [2] points to the rapid growth of software code vulnerabilities -in 5 times during the last decade, J. Zhou [3] points out that about 64% of the core software of the banks of the global financial community have digital code vulnerabilities, which according to 2021 is estimated in the losses from cybercrime of $ 6 trillion. Analysis of the data presented in the aforementioned publications, as well as in other relevant publications on the specified research vector [4][5][6][7][8][9][10][11][12][13], allows us to come to the following conclusion: 90% of software vulnerabilities are caused by the violations and defects in the source code, 21% of incidents involving loss of confidential data are caused by vulnerabilities in the digital code of software products used, every third software application being implemented and used at present has a digital code body, and in 1000 lines of software code it is revealed up to 60 % of the vulnerabilities. Consequently, due to the presence of such a system error, which tends to multiply significantly, the need to find and develop adequate solutions that will significantly improve information and cyber-digital security, as well as to secure critical infrastructure objects operating under the control of cyber-physical systems, becomes urgent.…”

Secure Change Management Process: On the Effectiveness of DevSecOps