Abstract

Security is critical to the success of software, particularly in today's fast-paced, technology-driven environment. It ensures that data, code, and services maintain their CIA (Confidentiality, Integrity, and Availability). This is only possible if security is taken into account at all stages of the SDLC (Software Development Life Cycle). Various approaches to software quality have been developed, such as CMMI (Capability maturity model integration). However, there exists no explicit solution for incorporating security into all phases of SDLC. One of the major causes of pervasive vulnerabilities is a failure to prioritize security. Even the most proactive companies use the “patch and penetrate” strategy, in which security is accessed once the job is completed. Increased cost, time overrun, not integrating testing and input in SDLC, usage of third-party tools and components, and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC, despite the fact that secure software development is essential for business continuity and survival in today's ICT world. There is a need to implement best practices in SDLC to address security at all levels. To fill this gap, we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines. We proposed a secure SDLC framework based on the identified practices, which integrates the best security practices in various SDLC phases. A mathematical model is used to validate the proposed framework. A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC, resulting in more secure applications.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.