Vol.71, No.3, 2022, pp.5039-5059, doi:10.32604/cmc.2022.019289
OPEN ACCESS
ARTICLE
Security Threat and Vulnerability Assessment and Measurement in Secure Software Development
Mamoona Humayun1, NZ Jhanjhi2,*, Maram Fahhad Almufareh1, Muhammad Ibrahim Khalil3
1 Department of Information Systems, College of Computer and Information Sciences, Jouf University, Al-Jouf, KSA
2 School of Computer Science and Engineering (SCE), Taylor's University, Selangor, Malaysia
3 Department of Computer Science, Bahria University, Islamabad, Pakistan
* Corresponding Author: NZ Jhanjhi. Email:
Received 08 April 2021; Accepted 10 May 2021; Issue published 14 January 2022
Abstract
Security is critical to the success of software, particularly in today's fast-paced, technology-driven environment. It ensures that data, code, and services maintain their CIA (Confidentiality, Integrity, and Availability). This is only possible if security is taken into account at all stages of the SDLC (Software Development Life Cycle). Various approaches to software quality have been developed, such as CMMI (Capability Maturity Model Integration). However, there exists no explicit solution for incorporating security into all phases of the SDLC. One of the major causes of pervasive vulnerabilities is a failure to prioritize security. Even the most proactive companies use the "patch and penetrate" strategy, in which security is assessed only once the job is completed. Increased cost, time overrun, failure to integrate testing and feedback into the SDLC, usage of third-party tools and components, and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC, despite the fact that secure software development is essential for business continuity and survival in today's ICT world. There is a need to implement best practices in the SDLC to address security at all levels. To fill this gap, we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines. We propose a secure SDLC framework based on the identified practices, which integrates the best security practices into the various SDLC phases. A mathematical model is used to validate the proposed framework. A case study and its findings show that the proposed system aids in the integration of security best practices into the overall SDLC, resulting in more secure applications.
Keywords
Security; secure software development; software development life cycle (SDLC); confidentiality; integrity; availability
Cite This Article
M. Humayun, N. Jhanjhi, M. F. Almufareh and M. I. Khalil, "Security threat and vulnerability assessment and measurement in secure software development," Computers, Materials & Continua, vol. 71, no.3, pp. 5039–5059, 2022.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.