Moderator factors of software security and performance verification

Abstract

Context:Security and performance are critical software non-functional requirements. Therefore, verification activities should be included in the development process to identify related defects, avoiding failures after deployment. However, there is a lack of understanding on factors moderating the security and performance verification, which jeopardizes organizations to improve their verification activities to assure the releasing of software fulfilling these requirements. Objective:To identify moderator factors influencing security and performance verification and actions to promote them. Methods:Case study to identify security and performance moderators factors. Rapid Literature Reviews with Snowballing to strengthen moderator factors confidence. Practitioners Survey to classify the moderator factors relevance. Results:Identification of eight security and performance moderator factors regarding organizational awareness, cross-functional team, suitable requirements, support tools, verification environment, verification methodology, verification planning, and reuse practices. Rapid Reviews confirmed the moderator factors and revealed actions to promote each. A survey with 37 practitioners allowed us to classify the moderator factors and their actions regarding their relevancy. Conclusions:The moderator factors can be considered key points to software development organizations implement/improve security and performance verification activities in regular software systems. Further investigation is necessary to support the understanding of these moderator factors when building modern software systems.