Maturity model for secure software testing

Gulzar Alam, Sajjad Mahmood*, Mohammad Alshayeb, Mahmood Niazi, Saad Zafar

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Security is an essential attribute of high-quality software. However, effectively incorporating security practices into different phases of the software development life cycle (SDLC) remains challenging. Owing to less mature secure testing processes, organizations are prone to ineffective testing practices for defect detection, including severe security-related failures. Thus, in this study, we present a maturity model for secure software testing (MMSST) to assist software development organizations in improving the secure testing of software applications. We conducted a multivocal literature review and identified 68 primary studies from the formal and gray literature. Then, based on the available evidence, 27 process areas were identified to develop the proposed MMSST. The MMSST includes five main categories: governance, contrive and design, execution, deployment and configuration, and mature. The MMSST was subsequently evaluated using case studies related to practical environments. Results demonstrate that the proposed MMSST is useful for estimating the maturity level of an organization with respect to the secure testing phase of the SDLC. The participants of the case studies also agreed that the proposed MMSST is useful in terms of structure, user satisfaction, and ease of use. We believe that the proposed MMSST can help organizations evaluate and improve software security testing practices. In addition, the proposed MMSST is expected to provide researchers and industry practitioners with an effective foundation for developing new secure testing approaches and tools.

Original language: English
Article number: e2593
Journal: Journal of Software: Evolution and Process
Volume: 36
Issue number: 5
DOIs
State: Published - May 2024

Bibliographical note

Publisher Copyright:
© 2023 John Wiley & Sons Ltd.

Keywords

  • empirical study
  • maturity model
  • multivocal literature review
  • secure software
  • secure software testing

ASJC Scopus subject areas

  • Software
