Ayesha Khalid, Mushtaq Raza, Palwasha Afsar, Rafiq Ahmad Khan, Muhammad Ismail Mohmand, Hanif Ur Rahman
{"title":"A SWOT Analysis of Software Development Life Cycle Security Metrics","authors":"Ayesha Khalid, Mushtaq Raza, Palwasha Afsar, Rafiq Ahmad Khan, Muhammad Ismail Mohmand, Hanif Ur Rahman","doi":"10.1002/smr.2744","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>Cyber security is an ongoing and critical concern due to persistent threats posed by threat actors, such as hackers and crackers. With the development of information and communication technologies (ICT), the widespread usage of software systems has transformed modern society in many ways but also created new issues in protecting confidential and sensitive information. The quantification of security measures can provide evidence to support decision-making in software security, particularly when assessing the security performance of software systems. This entails understanding the key quality criteria of security metrics, which can assist in constructing security models aligned with practical requirements. To delve deeper into this subject, the current study conducted a systematic literature review (SLR) on security metrics and measures within the realm of secure software development (SSD). The study selected 61 research publications for data extraction based on the specific inclusion and exclusion criteria. The study identified 215 software security metrics and classified them into different phases of software development life cycle (SDLC). In order to evaluate the most cited metrics in each phase of SDLC, the strengths, weaknesses, opportunities, and threats (SWOT) analysis was performed. The SWOT analysis offers a structured framework enabling researchers to make more effective, well-informed decisions and mitigate potential risks, ultimately contributing to more valuable research findings. The study's findings provide researchers guidance for exploring emerging trends and addressing existing gaps in SDLC. This study also provides software professionals with a more comprehensive understanding of security measurements, constraints, and open-ended specific and general issues.</p>\n </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7000,"publicationDate":"2024-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Software-Evolution and Process","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/smr.2744","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0
Abstract
Cyber security is an ongoing and critical concern due to persistent threats posed by threat actors, such as hackers and crackers. With the development of information and communication technologies (ICT), the widespread usage of software systems has transformed modern society in many ways but also created new issues in protecting confidential and sensitive information. The quantification of security measures can provide evidence to support decision-making in software security, particularly when assessing the security performance of software systems. This entails understanding the key quality criteria of security metrics, which can assist in constructing security models aligned with practical requirements. To delve deeper into this subject, the current study conducted a systematic literature review (SLR) on security metrics and measures within the realm of secure software development (SSD). The study selected 61 research publications for data extraction based on the specific inclusion and exclusion criteria. The study identified 215 software security metrics and classified them into different phases of software development life cycle (SDLC). In order to evaluate the most cited metrics in each phase of SDLC, the strengths, weaknesses, opportunities, and threats (SWOT) analysis was performed. The SWOT analysis offers a structured framework enabling researchers to make more effective, well-informed decisions and mitigate potential risks, ultimately contributing to more valuable research findings. The study's findings provide researchers guidance for exploring emerging trends and addressing existing gaps in SDLC. This study also provides software professionals with a more comprehensive understanding of security measurements, constraints, and open-ended specific and general issues.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
