TY - JOUR
T1 - Systematic Mapping of the Literature on Secure Software Development
AU - Nina, Hernan
AU - Pow-Sang, Jose Antonio
AU - Villavicencio, Monica
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2021/3/9
Y1 - 2021/3/9
N2 - The accelerated growth in exploiting vulnerabilities due to errors or failures in the software development process is a latent concern in the Software Industry. In this sense, this study aims to provide an overview of the Secure Software Development trends to help identify topics that have been extensively studied and those that still need to be. Therefore, in this paper, a systematic mapping review with PICo search strategies was conducted. A total of 867 papers were identified, of which only 528 papers were selected for this review. The main findings correspond to the Software Requirements Security, where the Elicitation and Misuse Cases reported more frequently. In Software Design Security, recurring themes are security in component-based software development, threat model, and security patterns. In the Software Construction Security, the most frequent topics are static code analysis and vulnerability detection. Finally, in Software Testing Security, the most frequent topics are vulnerability scanning and penetration testing. In conclusion, there is a diversity of methodologies, models, and tools with specific objectives in each secure software development stage.
AB - The accelerated growth in exploiting vulnerabilities due to errors or failures in the software development process is a latent concern in the Software Industry. In this sense, this study aims to provide an overview of the Secure Software Development trends to help identify topics that have been extensively studied and those that still need to be. Therefore, in this paper, a systematic mapping review with PICo search strategies was conducted. A total of 867 papers were identified, of which only 528 papers were selected for this review. The main findings correspond to the Software Requirements Security, where the Elicitation and Misuse Cases reported more frequently. In Software Design Security, recurring themes are security in component-based software development, threat model, and security patterns. In the Software Construction Security, the most frequent topics are static code analysis and vulnerability detection. Finally, in Software Testing Security, the most frequent topics are vulnerability scanning and penetration testing. In conclusion, there is a diversity of methodologies, models, and tools with specific objectives in each secure software development stage.
KW - Software development
KW - construction
KW - design
KW - requirements
KW - security
KW - systematic mapping review
KW - testing
KW - vulnerability
UR - http://www.scopus.com/inward/record.url?scp=85101857461&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2021.3062388
DO - 10.1109/ACCESS.2021.3062388
M3 - Article
AN - SCOPUS:85101857461
SN - 2169-3536
VL - 9
SP - 36852
EP - 36867
JO - IEEE Access
JF - IEEE Access
M1 - 9363884
ER -