Paper Review: Investigating Secure Software Development in SDLC


Added on  2022/09/25

AI Summary
This report reviews the research paper "The practice of secure software development in SDLC: an investigation through existing model and a case study" by Karim et al. (2016). The paper investigates the integration of security practices within the Software Development Life Cycle (SDLC) to address the gap in implementing security strategies in software development. It highlights the problem of software engineers often considering security as a non-functional requirement and the lack of integrated security processes. The study aims to identify issues, requirements, and propose a model to integrate security measures early in the SDLC. The research employs literature reviews, case studies, and interviews with professionals from various industries to gather data. The proposed model was validated through expert reviews. The key findings emphasize the importance of security policies and guidelines at each SDLC stage. The paper concludes by suggesting that the proposed model can enhance software security and promote the incorporation of security measures in the early development process. The model contributes to the field by analyzing theory-based frameworks and conducting research with a set of methodologies. The research suggests that future work should focus on expanding the proposed model and recommending the use of additional tools.
Assignment 2: Paper review
Name of the Student
Name of the University
Karim, N.S.A., Albuolayan, A., Saba, T. and Rehman, A., 2016. The practice of secure software
development in SDLC: an investigation through existing model and a case study. Security and
Communication Networks, 9(18), pp.5333-5345.
This paper focuses on the practice of secure software development in the SDLC by
investigating an existing model and a case study. Software security is an essential
requirement for software systems. The research analyses, through a case study, the
methodologies used in software development in Saudi Arabia and describes a
model for integrating security into the SDLC.
1. An effective software application achieves its intended purpose while ensuring a proper user
experience in a completely safe environment. However, issues arise in writing an application
that meets all the success criteria of software development. Software needs to be security
resilient and maintain a secure approach to the user data and information stored in the application.
Several issues occur during software development. Developers
and engineers are working to mitigate such security issues related to data privacy. Other
researchers have worked in this field; however, there is a gap in implementing
security strategies in software development. Past research has not
maintained a significant approach to developing safe and secure software development
processes. Therefore, there is a gap in implementing proper approaches to securing software
development. This research focuses on this gap.
2. The main problem in software development is that software engineers treat
security as a non-functional requirement, alongside reliability and performance.
Security has not been fully integrated into the development lifecycle. No software
development process exists for consistently developing secure software. Issues in software
security related to agile methods have been investigated. Agile methods have been criticized
for the absence of security in their processes.
3. The aim of the research is to identify proper means of introducing security measures in the
early phases of the SDLC.
The objectives of the study are as follows:
To identify current issues in software development
To identify the requirements for a secure software development process
To propose a new model that extends the existing model in the SDLC approach
The research questions are as follows:
What are the current issues in software development?
What are the requirements for a secure software development process?
How can a new model mitigate security issues in the software development process?
No hypothesis is stated in the paper, as the research proposes a new model for
mitigating security issues in the software development process.
4. Previous theory indicates that software engineers have not focused on security as an
essential part of software development. They have focused on the design and usability of
software. Therefore, previous theories have not addressed information security concerns about
user data in software. Software engineers have been documenting all their assumptions and
identifying possible attacks.
5. A literature review was conducted to investigate the work of previous researchers who
have studied or given their views on security in software development. The existing
framework was used as a preliminary framework for the case study. Case studies were
used for exploratory investigation; they are descriptive and observational in nature.
Interviews were conducted to understand how software security was
considered in the case study. Data was collected by interviewing the main members of every
team responsible for the success of a phase of the SDLC. Relevant documents were analyzed for
evidence of any security policies and guidelines. These documents were the Project Planning
Procedure, the Case Analysis Document and the Business Requirements Document. A conceptual model
was built from the literature and validated by different experts. This was achieved
through a structured and unstructured survey research design. Responses were collected from 15
professionals working in software development in three industries: Finance,
Government, and Information Technology and Services.
6. Data analysis was carried out in order to solve the problem. This research has provided
significant policies and knowledge by proposing a model that allows researchers to
continue its development and verification at various stages. Managers and engineers can use
this model to engineer software that is more secure early in the development process.
There are various methods for gathering stakeholders' requirements. Once the teams had the
requirements, the analysis phase began with business analysis. The process
involved analysing the requirements and then defining solutions for them.
When business analysis completes these requirements, the teams begin a process known as
writing a CAD. The CAD document sets out all the requirements, including the
acceptance criteria, testing, and a description of each project in this phase.
7. The proposed model was further validated in this section through an expert review
of the revised version. The purpose was to obtain formal expert opinions on the
suitability of the proposed model for improving software security, based on the experts'
guidance. The proposed model was presented to three software engineers. Feedback was
given through discussion and brainstorming sessions. The first question
sought their opinion on whether this model could enhance software security. The
second question asked how adopting this model could affect software security.
The engineers were largely in full agreement that using the proposed model can
enhance software security.
8. This research has contributed to knowledge and practice by proposing a
model that allows researchers to continue its development and verification in several
settings. Managers and developers are able to use this model to monitor security
in software development. The model can help promote the idea of security
measures in the development stages. It was developed by analyzing theory-based
frameworks and conducting research with a set of research methodologies. Security
policies have been developed with the help of this research.
9. Through the review of the literature and the case study examined, the research has
identified several important elements: security policies, the processes being practised, and
the tools used within the SDLC. The evidence gathered from the field shows the
absence of clear policy and guidelines established at the project management level within each
phase of the SDLC. In addition, evidence was gathered to elicit the actual
activities that are appropriate for inclusion at each phase of the SDLC. By applying the proposed
model, the SDLC can be governed and security can be incorporated in its various stages; thus,
various security issues and problems can be overcome much earlier. Many instances
of flaws and breaches of security measures and standards occur near the end of
development processes. As a result, these instances become excessively costly for the
organization and the stakeholders to bear. In this way, the model can promote the
idea that security measures can be established much earlier in the development process and used
for all software engineering projects, whether a waterfall or an agile approach is used.
To begin with, this model was developed primarily by analysing theory-based frameworks
and then strengthening them through research conducted with an established set of methodologies in
a real research setting. In this way, the model can contribute significantly to research
in the software engineering field, where further research can help improve the framework. The model
aims to incorporate security best practices into the various SDLC stages alongside project management.
Future research can also focus on extending the proposed model and
recommending the use of additional tools.
References
Karim, N.S.A., Albuolayan, A., Saba, T. and Rehman, A., 2016. The practice of secure software
development in SDLC: an investigation through existing model and a case study. Security and
Communication Networks, 9(18), pp.5333-5345.