Establishing Performance Baselines for Secure Software Development

IF 2.6 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

IET Information Security Pub Date : 2025-08-08 DOI:10.1049/ise2/6139424

Ying-Ti Tsai, Chung-Ho Wang, Yung-Chia Chang, Lee-Ing Tong

{"title":"Establishing Performance Baselines for Secure Software Development","authors":"Ying-Ti Tsai, Chung-Ho Wang, Yung-Chia Chang, Lee-Ing Tong","doi":"10.1049/ise2/6139424","DOIUrl":null,"url":null,"abstract":"<p>The COVID-19 pandemic has impacted the world, prompting a shift toward remote work and stay-at-home economies, altering routines for individuals and businesses. Organizations have had to swiftly implement digital solutions to enable productive and efficient remote work, a trend that is becoming increasingly common. In this context, enterprise programmers often rely on open-source software from social platforms to accelerate application development. However, the source code on these platforms may not always be regularly updated or well-maintained, posing security risks. These risks are exacerbated when programmers need more security software-focused development practices, testing for vulnerabilities, or applying necessary patches regularly. This study introduces two secure software development (SSD) performance baselines based on international standards and utilizing statistical process control (SPC): proactive information security awareness and reactive risk management. These baselines enable enterprise IT departments to monitor security awareness and improve the secure development capabilities of programmers and R&D teams, thereby mitigating the security risks of released software. A practical case study is presented to demonstrate the effectiveness of this approach.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6000,"publicationDate":"2025-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6139424","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Information Security","FirstCategoryId":"94","ListUrlMain":"https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/ise2/6139424","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The COVID-19 pandemic has impacted the world, prompting a shift toward remote work and stay-at-home economies, altering routines for individuals and businesses. Organizations have had to swiftly implement digital solutions to enable productive and efficient remote work, a trend that is becoming increasingly common. In this context, enterprise programmers often rely on open-source software from social platforms to accelerate application development. However, the source code on these platforms may not always be regularly updated or well-maintained, posing security risks. These risks are exacerbated when programmers need more security software-focused development practices, testing for vulnerabilities, or applying necessary patches regularly. This study introduces two secure software development (SSD) performance baselines based on international standards and utilizing statistical process control (SPC): proactive information security awareness and reactive risk management. These baselines enable enterprise IT departments to monitor security awareness and improve the secure development capabilities of programmers and R&D teams, thereby mitigating the security risks of released software. A practical case study is presented to demonstrate the effectiveness of this approach.

Abstract Image

查看原文本刊更多论文

建立安全软件开发的性能基准

2019冠状病毒病大流行影响了世界，促使人们转向远程工作和居家经济，改变了个人和企业的日常生活。组织必须迅速实施数字解决方案，以实现高效和高效的远程工作，这一趋势正变得越来越普遍。在这种情况下，企业程序员通常依赖于来自社交平台的开源软件来加速应用程序的开发。然而，这些平台上的源代码可能并不总是定期更新或维护良好，从而带来安全风险。当程序员需要更多以安全软件为中心的开发实践、测试漏洞或定期应用必要的补丁时，这些风险就会加剧。本研究以国际标准为基础，利用统计过程控制（SPC）引入两种安全软件开发（SSD）性能基准：主动信息安全意识和被动风险管理。这些基线使企业IT部门能够监视安全意识，并提高程序员和研发团队的安全开发能力，从而降低已发布软件的安全风险。通过一个实际的案例研究，证明了该方法的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IET Information Security 工程技术-计算机：理论方法

CiteScore

3.80

自引率

7.10%

发文量

审稿时长

8.6 months

期刊介绍： IET Information Security publishes original research papers in the following areas of information security and cryptography. Submitting authors should specify clearly in their covering statement the area into which their paper falls. Scope: Access Control and Database Security Ad-Hoc Network Aspects Anonymity and E-Voting Authentication Block Ciphers and Hash Functions Blockchain, Bitcoin (Technical aspects only) Broadcast Encryption and Traitor Tracing Combinatorial Aspects Covert Channels and Information Flow Critical Infrastructures Cryptanalysis Dependability Digital Rights Management Digital Signature Schemes Digital Steganography Economic Aspects of Information Security Elliptic Curve Cryptography and Number Theory Embedded Systems Aspects Embedded Systems Security and Forensics Financial Cryptography Firewall Security Formal Methods and Security Verification Human Aspects Information Warfare and Survivability Intrusion Detection Java and XML Security Key Distribution Key Management Malware Multi-Party Computation and Threshold Cryptography Peer-to-peer Security PKIs Public-Key and Hybrid Encryption Quantum Cryptography Risks of using Computers Robust Networks Secret Sharing Secure Electronic Commerce Software Obfuscation Stream Ciphers Trust Models Watermarking and Fingerprinting Special Issues. Current Call for Papers: Security on Mobile and IoT devices - https://digital-library.theiet.org/files/IET_IFS_SMID_CFP.pdf