International Journal of Academic Research in Business and Social Sciences

search-icon

Securing Software Development: A Holistic Exploration of Security Awareness in Software Development Teams

Open access
Security awareness is crucial at every stage of the software development life cycle. Studies emphasize the importance of addressing security requirements (SR) early in the requirement engineering phase to effectively mitigate security issues. However, the software development team (SDT) currently lacks sufficient awareness regarding the security requirements assurance (SRA) for mitigating security issues in secure software development. The objective of this study is to assess the (SDT) security knowledge in early software development. A survey was distributed, questions were based on (SR) within the context of security requirement engineering (SRE). A total of 58 responded to the survey. The results indicate that the (SDT) demonstrates a satisfactory level of knowledge regarding security (KOS), security requirements elicitation and analysis (SREA), and approaches within the domain of SRE. However, the results pertaining to security requirement assurance (SRA) were found unsatisfactory. Descriptive statistics were employed to analyse the mean scores of KOS=3.79, SRE=3.61, SREA=3.67, and SRA=2.71. SRE presented the strong Pearson correlation with SREA=.596**. Also, regression coefficient produces positive outcome with (SRA) and (SREA). Though, software development teams need to collaborate with the researcher to enhance the awareness about security requirement assurance during the secure development process.
Almadani, B. (2022). Structure of security requirements: Insights from requirements elicitation. In.
Ambreen, T., Ikram, N., Usman, M., & Niazi, M. (2016). Empirical research in requirements engineering: trends and opportunities. Requirements Engineering, 23(1), 63-95. https://doi.org/10.1007/s00766-016-0258-2
Anderson, R. (2020). Security engineering: a guide to building dependable distributed systems. John Wiley & Sons.
Ansari, M. T. J., Pandey, D., & Alenezi, M. (2022). STORE: Security Threat oriented requirements engineering methodology. Journal of King Saud University - Computer and Information Sciences, 34(2), 191-203.
https://doi.org/10.1016/j.jksuci.2018.12.005
Anwar Mohammad, M. N., Nazir, M., & Mustafa, K. (2019). A systematic review and analytical evaluation of security requirements engineering approaches. Arabian Journal for Science and Engineering, 44(11), 8963-8987. https://doi.org/10.1007/s13369-019-04067-3
Batta, A., & Srivastava, D. K. (2021). A novel approach in requirement engineering during software build-up 2021 10th IEEE International Conference on Communication Systems and Network Technologies (CSNT),
Bloomfield, R., Bishop, P., Butler, E., & Netkachova, K. (2017). Using an assurance case framework to develop security strategy and policies. Computer Safety, Reliability, and Security: SAFECOMP 2017 Workshops, ASSURE, DECSoS, SASSUR, TELERISE, and TIPS, Trento, Italy, September 12, 2017, Proceedings 36,
Calinescu, R., Weyns, D., Gerasimou, S., Iftikhar, M. U., Habli, I., & Kelly, T. (2017). Engineering trustworthy self-adaptive software with dynamic assurance cases. IEEE Transactions on Software Engineering, 44(11), 1039-1069.
Canedo, E. D., Bandeira, I. N., Calazans, A. T. S., Costa, P. H. T., Cançado, E. C. R., & Bonifácio, R. (2022). Privacy requirements elicitation: A systematic literature review and perception analysis of IT practitioners. Requirements Engineering. https://doi.org/10.1007/s00766-022-00382-8
Fernández, D. M., Franch, X., Seyff, N., Felderer, M., Glinz, M., Kalinowski, M., Volgelsang, A., Wagner, S., Bühne, S., & Lauenroth, K. (2019). Do we preach what we practice? Investigating the practical relevance of requirements engineering syllabi-the ireb case. arXiv preprint arXiv:1902.01822.
Fujdiak, R., Mlynek, P., Mrnustik, P., Barabas, M., Blazek, P., Borcik, F., & Misurec, J. (2019). Managing the secure software development. 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS),
Garousi, V., Co?kunçay, A., Demirörs, O., & Yazici, A. (2016). Cross-factor analysis of software engineering practices versus practitioner demographics: An exploratory study in Turkey. Journal of Systems and Software, 111, 49-73. https://doi.org/10.1016/j.jss.2015.09.013
Ghani, I., & Besrour, S. (2012). Questionnaire based approach to measure security in requirement engineering. International Journal of Computer Applications, 54(9), 31-34. https://doi.org/10.5120/8596-2359
Harris, K. D., & General, A. (2016). California data breach report. Retrieved August, 7, 2016.
Humayun, M., Niazi, M., Assiri, M., & Haoues, M. (2023). Secure global software development: A practitioners’ perspective. Applied Sciences, 13(4).
https://doi.org/10.3390/app13042465
Jahan, S., Marshall, A., & Gamble, R. (2019). Evaluating security assurance case adaptation.
Jahan, S., Pasco, M., Gamble, R., McKinley, P., & Cheng, B. (2019). MAPE-SAC: A framework to dynamically manage security assurance cases 2019 IEEE 4th International Workshops on Foundations and Applications of Self* Systems (FAS*W),
Jahan, S., Riley, I., Walter, C., Gamble, R. F., Pasco, M., McKinley, P. K., & Cheng, B. H. (2020). MAPE-K/MAPE-SAC: An interaction framework for adaptive systems with security assurance cases. Future Generation Computer Systems, 109, 197-209.
Kabir, S. (2021). Internet of things and safety assurance of cooperative cyber-physical systems: Opportunities and Challenges. IEEE Internet of Things Magazine, 4(2), 74-78. https://doi.org/10.1109/iotm.0001.2000062
Katt, B., & Prasher, N. (2018). Quantitative security assurance metrics.
Khan, R. A., & Khan, S. U. (2018a). A preliminary structure of software security assurance model. Proceedings of the 13th International Conference on Global Software Engineering,
Khan, R. A., & Khan, S. U. (2018b). A preliminary structure of software security assurance model Proceedings of the 13th International Conference on Global Software Engineering,
Khan, R. A., Khan, S. U., Ilyas, M., & Idris, M. Y. (2020). The State of the Art on Secure Software Engineering Proceedings of the Evaluation and Assessment in Software Engineering,
Khan, R. A., Khan, S. U., Khan, H. U., & Ilyas, M. (2021). Systematic Mapping study on security approaches in secure software engineering. IEEE Access, 9, 19139-19160. https://doi.org/10.1109/access.2021.3052311
Laporte, C., & O'Connor, R. (2016). Software process improvement in industry in a graduate software engineering curriculum. Software Quality Professional Journal, 18(3), 4-17.
Li, H., Li, X., Hao, J., Xu, G., Feng, Z., & Xie, X. (2017). FESR: A framework for eliciting security requirements based on integration of common criteria and weakness detection formal Model 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS),
Lin, C.-L., Shen, W., & Cheng, B. (2020). Measuring confidence of assurance cases in safety-critical domains.
Lopez, T., Sharp, H., Tun, T., Bandara, A., Levine, M., & Nuseibeh, B. (2019). Talking about security with professional developers 2019 IEEE/ACM Joint 7th International Workshop on Conducting Empirical Studies in Industry (CESI) and 6th International Workshop on Software Engineering Research and Industrial Practice (SER&IP),
Mahmood, W., Rizvi, S., & Munir, S. (2022). Hindrance to requirements engineering during software development with globally distributed teams. International Journal of Information Engineering and Electronic Business, 14(2), 39-46.
https://doi.org/10.5815/ijieeb.2022.02.03
Maksimov, M., Kokaly, S., & Chechik, M. (2019). A survey of tool-supported assurance case assessment techniques. ACM Computing Surveys (CSUR), 52(5), 1-34.
Mall, R. (2018). Fundamentals of software engineering. PHI Learning Pvt. Ltd.
Melegati, J., Goldman, A., Kon, F., & Wang, X. (2019). A model of requirements engineering in software startups. Information and Software Technology, 109, 92-107. https://doi.org/10.1016/j.infsof.2019.02.001
Mohamad, M., Steghöfer, J.-P., & Scandariato, R. (2021). Security assurance cases—state of the art of an emerging approach. Empirical Software Engineering, 26(4). https://doi.org/10.1007/s10664-021-09971-7
Mufti, Y., Niazi, M., Alshayeb, M., & Mahmood, S. (2018). A readiness model for security requirements engineering. IEEE Access, 6, 28611-28631.
https://doi.org/10.1109/access.2018.2840322
Nazir, N., & Nazir, M. K. (2018). A review of security issues in SDLC. American Scientific Research Journal for Engineering, Technology, and Sciences (ASRJETS), 46(1), 247-259.
Niazi, M., Saeed, A. M., Alshayeb, M., Mahmood, S., & Zafar, S. (2020). A maturity model for secure requirements engineering. Computers & Security, 95. https://doi.org/10.1016/j.cose.2020.101852
Sonmez, O. F., & Kilic, B. G. (2021). Reusable security requirements repository implementation based on application/system components. IEEE Access, 9, 165966-165988. https://doi.org/10.1109/access.2021.3133020
Prabhakaran, S., & Selvadurai, K. (2018). Performance analysis of security requirements engineering framework by measuring the vulnerabilities. Int. Arab J. Inf. Technol., 15(3), 435-444.
Qadir, N., & Ahmad, R. (2022). SecRS template to aid novice developers in security requirements identification and documentation. International Journal of Software Engineering and Computer Systems, 8(1), 45-52.
Ragkhitwetsagul, C., Krinke, J., Choetkiertikul, M., Sunetnanta, T., & Sarro, F. (2022). Identifying software engineering challenges in software SMEs: A case study in Thailand.
Rehman, S. U., Allgaier, C., & Gruhn, V. (2018). Security requirements engineering: A framework for cyber-physical systems 2018 International Conference on Frontiers of Information Technology (FIT),
Sadiq, M., Devi, S. V., Ahmad, J., & Mohammad, C. W. (2021). Fuzzy logic driven security requirements engineering process. Journal of Information and Optimization Sciences, 42(7), 1685-1707. https://doi.org/10.1080/02522667.2021.1972618
Steinmann, J., & Ochoa, O. (2022). Supporting security requirements engineering through the development of the secure development ontology 2022 IEEE 16th International Conference on Semantic Computing (ICSC),
Villamizar, H., Kalinowski, M., Viana, M., & Fernandez, D. M. (2018). A systematic mapping study on security in agile requirements engineering 2018 44th Euromicro Conference on Software Engineering and Advanced Applications (SEAA),
Weir, C., Becker, I., & Blair, L. (2021). A passion for security: Intervening to help software developers 2021 IEEE/ACM 43rd International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP),
Weir, C., Becker, I., & Blair, L. (2022). Incorporating software security: Using developer workshops to engage product managers. Empirical Software Engineering, 28(2). https://doi.org/10.1007/s10664-022-10252-0
Yeng, P., Wolthusen, S., & Yang, B. (2020). Comparative analysis of software development methodologies for security requirement analysis: Towards Healthcare Security Practice Proceedings of the 13 th IADIS International Conference Information Systems 2020,
Zareen, S., Akram, A., & Khan, A. S. (2020). Security requirements engineering framework with BPMN 2.0.2 extension model for development of information systems. Applied Sciences, 10(14). https://doi.org/10.3390/app10144981