Exploring software security approaches in software development lifecycle: A systematic mapping study

Nabil M. Mohammed, Mahmood Niazi*, Mohammad Alshayeb, Sajjad Mahmood

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

80 Scopus citations

Abstract

There is an increasing use of security-driven approaches to support software development activities such as requirements, design and implementation. The objective of this paper is to identify the existing software security approaches used in the software development lifecycle (SDLC). To meet this goal, we conducted a systematic mapping study to identify the primary studies on the use of software security techniques in the SDLC. In total, we selected and categorized 118 primary studies. After analyzing the selected studies, we identified 52 security approaches and categorized them into five main categories, namely ‘secure requirements modeling’, ‘vulnerability identification, adaption and mitigation’, ‘software security focused process’, ‘extended UML-based secure modeling profiles’ and ‘non UML-based secure modeling notations’. The results show that the most frequently used approaches are static analysis and dynamic analysis, which provide security checks in the coding phase. In addition, our results show that many studies in this review considered security checks around the coding stage of software development. This work will assist software development organizations in better understanding the existing software security approaches used in the software development lifecycle. It can also provide researchers with a firm basis on which to develop new software security approaches.

Original language: English
Pages (from-to): 107-115
Number of pages: 9
Journal: Computer Standards and Interfaces
Volume: 50
State: Published - 1 Feb 2017

Bibliographical note

Publisher Copyright:
© 2016 Elsevier B.V.

Keywords

  • Empirical study
  • Software development life cycle
  • Software security
  • Systematic mapping study

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Law
