Methodologies to identify and mitigate security threats in software development: two systematic reviews

Paulina Silva, René Noël, Santiago Matalonga, Hernán Astudillo, Diego Gatica, Gastón Marquez

Research output: Contribution to journalArticle

4 Downloads (Pure)

Abstract

Software Security and development experts have addressed the problem of building secure software systems. There are several processes and initiatives to achieve secure software systems. However, most of these lack empirical evidence of its application and impact in building secure software systems. Two systematic mapping studies (SM) have been conducted to cover the existent initiatives for identification and mitigation of security threats. The SMs created were executed in two steps, first in 2015 July, and complemented through a backward snowballing in 2016 July. Integrated results of these two SM studies show a total of 30 relevant sources were identified; 17 different initiatives covering threats identification and 14 covering the mitigation of threats were found. All the initiatives were associated to at least one activity of the Software Development Lifecycle (SDLC); while 6 showed signs of being applied in industrial settings, only 3 initiatives presented experimental evidence of its results through controlled experiments, some of the other selected studies presented case studies or proposals.
Original languageEnglish
Article number5
JournalCLEI Electronic Journal
Volume19
Issue number3
DOIs
Publication statusPublished - 1 Dec 2016
Externally publishedYes

    Fingerprint

Keywords

  • Software Engineering
  • Secure Software Systems
  • Empirical Software Engineering

Cite this