There is an increased use of security-driven approaches to support software development activities such as requirements, design and implementation. The objective of this paper is to identify the existing software security approaches used in the software development lifecycle (SDLC). To meet this goal, we conducted a systematic mapping study to identify the primary studies on the use of software security techniques in the SDLC. In total, we selected and categorized 118 primary studies. After analyzing the selected studies, we identified 52 security approaches and categorized them into five main categories, namely ‘secure requirements modeling’, ‘vulnerability identification, adaption and mitigation’, ‘software security focused process’, ‘extended UML-based secure modeling profiles’ and ‘non-UML-based secure modeling notations’. The results show that the most frequently used approaches are static analysis and dynamic analysis, which provide security checks in the coding phase. In addition, our results show that many studies in this review considered security checks around the coding stage of software development. This work will assist software development organizations in better understanding the existing software security approaches used in the software development lifecycle. It can also provide researchers with a firm basis on which to develop new software security approaches.
Bibliographical note
Funding Information:
We are thankful to the Deanship of Academic Research, King Fahd University of Petroleum and Minerals, Saudi Arabia, for supporting this research project via project number IN141011.
© 2016 Elsevier B.V.
- Empirical study
- Software development life cycle
- Software security
- Systematic mapping study
ASJC Scopus subject areas
- Hardware and Architecture