Toward a readiness model for secure software coding

Mamoona Humayun*, Mahmood Niazi, Noor Zaman Jhanjhi, Sajjad Mahmood, Mohammad Alshayeb

*Corresponding author for this work

Research output: Contribution to journal, Article, peer-review


The heart of the application's secure operation is its software code. If the code contains flaws, the entire program might be hacked. The issue with software vulnerabilities is that they reveal coding flaws that hackers could exploit. The prevention of cybersecurity issues begins with the program code itself. When writing software code, a software developer must consider expressing the application's architecture and design requirements, keeping the code streamlined and efficient, and ensuring the code is safe. Secure code helps save the system from various cyber-attacks by eliminating the weaknesses that many hacks rely on. To assist the software organization in Secure Software Coding (SSC), this article proposes a readiness model for SSC, namely SSCRM. The proposed model has five levels; SSC challenges and best practices (BP) are mapped at each level. The proposed model will help the organizations better understand SSC challenges and BPs and provide a roadmap for developing secure software code. The proposed model was evaluated using three case studies. The findings demonstrate that the proposed approach helps determine an organization's SSC level.

Original language: English
Pages (from-to): 1013-1035
Number of pages: 23
Journal: Software - Practice and Experience
Issue number: 4
State: Published - Apr 2023

Bibliographical note

Funding Information:
The authors would like to acknowledge the support provided by The Deanship of Research Oversight and Coordination via Project number DF201007 at King Fahd University of Petroleum and Minerals, Saudi Arabia.

Publisher Copyright:
© 2022 John Wiley & Sons Ltd.


Keywords

  • case study
  • readiness model
  • secure SDLC
  • secure coding

ASJC Scopus subject areas

  • Software

