Universiti Teknologi Malaysia Institutional Repository

The state of the art on secure software engineering: A systematic mapping study

Khan, Rafiq A. and Khan, Siffat U. and Muhammad Ilyas, Muhammad Ilyas and Idris, Mohd. Y. (2020) The state of the art on secure software engineering: A systematic mapping study. In: 24th Evaluation and Assessment in Software Engineering Conference, EASE 2020, 15 - 17 April 2020, Trondheim, Online.

Full text not available from this repository.

Official URL: http://dx.doi.org/10.1145/3383219.3383290

Abstract

Secure Software Development (SSD) is becoming a major challenge, due to the increasing complexity, openness and extensibility of Information and Communication Technologies (ICTs). These make the overall security requirements analysis very difficult. Many techniques have been theoretically developed; however, there is a lack of empirical evidence of their application in building secure software systems. A Systematic Mapping Study (SMS) has been conducted in this paper to examine the existence of software security frameworks, models and methods. In total, we selected 116 primary studies. After examining the selected studies, we identified 37 Secure Software Engineering (SSE) paradigms/frameworks/models. The results show that the most frequently used SSE frameworks/models are "Microsoft Software Development Life Cycle (MS-SDL)", "Misuse case modeling", "Abuse case modeling", "Knowledge Acquisition for Automated Specification", "System Security Engineering-Capability Maturity Model (SSE-CMM)" and "Secure Tropos Methodology". This work will help organizations in the development of software to better understand existing security initiatives used in the development of secure software. It can also provide researchers with a basis for designing and developing new methods of software security and identifying new axes of research.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: Software Development Life Cycle, Systematic mapping study
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computing
ID Code: 92570
Deposited By: Widya Wahid
Deposited On: 30 Sep 2021 15:14
Last Modified: 30 Sep 2021 15:14
