Methodologies to identify and mitigate security threats in software development: two systematic reviews

Paulina Silva, René Noël, Santiago Matalonga, Hernán Astudillo, Diego Gatica, Gastón Marquez

Research output: Contribution to journal › Article

Abstract

Software security and development experts have addressed the problem of building secure software systems, and several processes and initiatives exist for achieving them. However, most of these lack empirical evidence of their application and of their impact on building secure software systems. Two systematic mapping studies (SMs) were conducted to cover the existing initiatives for the identification and mitigation of security threats. The SMs were executed in two steps: first in July 2015, and then complemented through backward snowballing in July 2016. The integrated results of the two SMs identify a total of 30 relevant sources, covering 17 different initiatives for threat identification and 14 for threat mitigation. All the initiatives were associated with at least one activity of the Software Development Lifecycle (SDLC); while 6 showed signs of having been applied in industrial settings, only 3 presented experimental evidence of their results through controlled experiments. The other selected studies presented case studies or proposals.
Original language: English
Article number: 5
Journal: CLEI Electronic Journal
Volume: 19
Issue number: 3
DOI: 10.19153/cleiej.19.3.5
Publication status: Published - 1 Dec 2016
Externally published: Yes

Keywords

  • Software Engineering
  • Secure Software Systems
  • Empirical Software Engineering

Cite this

Silva, Paulina; Noël, René; Matalonga, Santiago; Astudillo, Hernán; Gatica, Diego; Marquez, Gastón. / Methodologies to identify and mitigate security threats in software development: two systematic reviews. In: CLEI Electronic Journal. 2016; Vol. 19, No. 3.
@article{e0f44a6aa06342a7b4db3040f16df070,
title = "Methodologies to identify and mitigate security threats in software development: two systematic reviews",
abstract = "Software security and development experts have addressed the problem of building secure software systems, and several processes and initiatives exist for achieving them. However, most of these lack empirical evidence of their application and of their impact on building secure software systems. Two systematic mapping studies (SMs) were conducted to cover the existing initiatives for the identification and mitigation of security threats. The SMs were executed in two steps: first in July 2015, and then complemented through backward snowballing in July 2016. The integrated results of the two SMs identify a total of 30 relevant sources, covering 17 different initiatives for threat identification and 14 for threat mitigation. All the initiatives were associated with at least one activity of the Software Development Lifecycle (SDLC); while 6 showed signs of having been applied in industrial settings, only 3 presented experimental evidence of their results through controlled experiments. The other selected studies presented case studies or proposals.",
keywords = "Software Engineering, Secure Software Systems, Empirical Software Engineering",
author = "Paulina Silva and Ren{\'e} No{\"e}l and Santiago Matalonga and Hern{\'a}n Astudillo and Diego Gatica and Gast{\'o}n Marquez",
year = "2016",
month = "12",
day = "1",
doi = "10.19153/cleiej.19.3.5",
language = "English",
volume = "19",
journal = "CLEI Electronic Journal",
issn = "0717-5000",
publisher = "Latin American Center for Studies in Information Technology",
number = "3",

}

Methodologies to identify and mitigate security threats in software development: two systematic reviews. / Silva, Paulina; Noël, René; Matalonga, Santiago; Astudillo, Hernán; Gatica, Diego; Marquez, Gastón.

In: CLEI Electronic Journal, Vol. 19, No. 3, 5, 01.12.2016.

Research output: Contribution to journal › Article

TY - JOUR

T1 - Methodologies to identify and mitigate security threats in software development

T2 - two systematic reviews

AU - Silva, Paulina

AU - Noël, René

AU - Matalonga, Santiago

AU - Astudillo, Hernán

AU - Gatica, Diego

AU - Marquez, Gastón

PY - 2016/12/1

Y1 - 2016/12/1

N2 - Software security and development experts have addressed the problem of building secure software systems, and several processes and initiatives exist for achieving them. However, most of these lack empirical evidence of their application and of their impact on building secure software systems. Two systematic mapping studies (SMs) were conducted to cover the existing initiatives for the identification and mitigation of security threats. The SMs were executed in two steps: first in July 2015, and then complemented through backward snowballing in July 2016. The integrated results of the two SMs identify a total of 30 relevant sources, covering 17 different initiatives for threat identification and 14 for threat mitigation. All the initiatives were associated with at least one activity of the Software Development Lifecycle (SDLC); while 6 showed signs of having been applied in industrial settings, only 3 presented experimental evidence of their results through controlled experiments. The other selected studies presented case studies or proposals.

AB - Software security and development experts have addressed the problem of building secure software systems, and several processes and initiatives exist for achieving them. However, most of these lack empirical evidence of their application and of their impact on building secure software systems. Two systematic mapping studies (SMs) were conducted to cover the existing initiatives for the identification and mitigation of security threats. The SMs were executed in two steps: first in July 2015, and then complemented through backward snowballing in July 2016. The integrated results of the two SMs identify a total of 30 relevant sources, covering 17 different initiatives for threat identification and 14 for threat mitigation. All the initiatives were associated with at least one activity of the Software Development Lifecycle (SDLC); while 6 showed signs of having been applied in industrial settings, only 3 presented experimental evidence of their results through controlled experiments. The other selected studies presented case studies or proposals.

KW - Software Engineering

KW - Secure Software Systems

KW - Empirical Software Engineering

U2 - 10.19153/cleiej.19.3.5

DO - 10.19153/cleiej.19.3.5

M3 - Article

VL - 19

JO - CLEI Electronic Journal

JF - CLEI Electronic Journal

SN - 0717-5000

IS - 3

M1 - 5

ER -