Towards a Secure Software Coding Readiness Model (SSCRM)

Project: Research

Project Details

Description

Security is a very important software quality. Secure software does not compromise the confidentiality, integrity, and availability of the data, code, or service [1]. Software security is about building secure software: designing software to be secure, making sure that software is secure, and educating software developers, architects, and users about how to build secure things [2]. Due to its importance, several research works have been conducted to propose information security maturity models that measure the capability of digital forensics organizations and IT security maturity, which focuses on the ability of organizations to fulfill security objectives [3]. However, incorporating security practices and processes into the different phases of the software development life cycle remains a challenging task, which can be addressed through software security maturity models. The objective of this research proposal is to propose a Readiness Model for Secure Software Coding (SSCRM) to assist software development organizations in better developing secure software code. We will employ practical and evidence-based approaches, such as a systematic literature review and empirical studies within the software industry, to develop the proposed model. This process will ensure the confidence and the reliability of the collected data. In addition, we will conduct case studies to evaluate the use of SSCRM in a real-world environment. SSCRM will significantly impact the software security issues that are currently affecting software development organizations. This work will provide researchers with a firm foundation on which to develop new secure software coding approaches. In addition, the project outcomes will provide software development organizations with the ability to measure their readiness to develop secure code. This work will put software development organizations in a better position to deliver secure software.
SSCRM will be available to Saudi researchers and software practitioners via a website. SSCRM will enable the managers of software projects in the Saudi market to evaluate their strengths and weaknesses in terms of measuring their ability to develop secure software code.
Status: Finished
Effective start/end date: 1/04/21 to 1/04/23