Security Assurance Model of Software Development for Global Software Development Vendors

Abstract

The number of security attacks and the impact has grown considerably in the recent several years. As a result, new emerging software development models are required that assist in developing software that is secure by default. This article reviews the most widely used security software models. It proposes a new Security Assurance Model (SAM) for Software Development that is adaptable to all contemporary scenarios, emphasizing global software development (GSD) vendor companies. The SAM of Software Development was developed after studying 11 well-known development models and analyzing results obtained from a systematic literature review (SLR) and questionnaire survey. The SAM of Software Development consists of seven security assurance levels: Governance and Security Threat Analysis, Secure Requirement Analysis, Secure Design, Secure Coding, Secure Testing and Review, Secure Deployment, and Security Improvement. The security assurance levels of SAM of software development consist of 46 critical software security risks (CSSRs) and 388 practices for addressing these risks. The proposed SAM of Software Development was assessed based on a tool created by Motorola, which is used to evaluate the present state of a company’s software processes and find areas for improvement. We conducted 3 case studies on software development companies, using data from real software projects to examine the results of a practical experiment in each company. The results of the case studies indicate that the proposed SAM of Software Development helps measure the security assurance level of an organization. In addition, it can potentially serve as a framework for researchers to develop new software security measures.