Abstract
Security is one of the most important software quality attributes. Software security is about designing and developing secure software that does not allow the integrity, confidentiality, and availability of its code, data, or service to be compromised. Organizations tend to consider security as an afterthought, and they continue to suffer from security risks. Developing secure software requires taking security into consideration in all phases of the Software Development Life Cycle (SDLC). Several approaches have been developed to improve software quality, such as Capability Maturity Model Integration (CMMI). However, software security issues have not been addressed in a proper manner and incorporating security practices into the SDLC remains a challenge. The objective of this paper is to develop a framework to improve the process of designing secure products in software development organizations. To achieve this objective, a Multivocal Literature Review (MLR) was conducted to identify the relevant studies in both the formal and grey literature. A total of 38 primary studies were identified, and available evidence was synthesized into 8 knowledge areas and 65 best practices to build a Secure Software Design Maturity Model (SSDMM). The framework was developed based on the structure of CMMI v2.0 and evaluated through case studies in real-world environments. The case study results indicate that SSDMM is useful in measuring the maturity level of an organization for the secure design phase of SDLC. SSDMM will assist organizations in evaluating and improving their software design security practices. It will also provide a foundation for researchers to develop new software security approaches.
Highlights
The number of software vulnerabilities is growing, and security issues are increasing with the popularity of Internet applications, social media systems, cloud computing, and the Internet of Things (IoT)
SECURE SOFTWARE DESIGN PRACTICES As a result of the Multivocal Literature Review (MLR) data synthesis, we identified a total of 71 security practices that are related to software design and are listed in Table 5 along with their frequency of occurrence
SECURITY ASSESSMENT FRAMEWORK FOR SOFTWARE DESIGN we describe the process of developing the Secure Software Design Maturity Model (SSDMM)
Summary
The number of software vulnerabilities is growing, and security issues are increasing with the popularity of Internet applications, social media systems, cloud computing, and the Internet of Things (IoT). There are more challenges to building secure software due to the large number of connected users and the complexity of software systems [1]. The associate editor coordinating the review of this manuscript and approving it for publication was Xiaobing Sun. complexity, extensibility, and connectivity of software systems, software design defects, flaws, and bugs are common challenges to building secure systems [1]. Complexity, extensibility, and connectivity of software systems, software design defects, flaws, and bugs are common challenges to building secure systems [1] Attackers exploit these issues to gain access to system resources through various types of attacks such as buffer overflow, incomplete mitigation, and race conditions
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
