Systematic mapping of the literature on Secure Software Development
Article Description
The accelerated growth in exploiting vulnerabilities due to errors or failures in the software development process is a latent concern in the Software Industry. In this sense, this study aims to provide an overview of the Secure Software Development trends to help identify topics that have been exte...
| Authors: | Nina Hanco, Hernán; Pow Sang, Jose Antonio; Villavicencio, Monica |
|---|---|
| Format: | article |
| Publication date: | 2021 |
| Institution: | Universidad de Lima |
| Repository: | ULIMA-Institucional |
| Language: | English |
| OAI Identifier: | oai:repositorio.ulima.edu.pe:20.500.12724/12711 |
| Resource link: | https://hdl.handle.net/20.500.12724/12711 ; https://doi.org/10.1109/ACCESS.2021.3062388 |
| Access level: | open access |
| Subject: | Software development; Computer security; Desarrollo de software; Seguridad informática; https://purl.org/pe-repo/ocde/ford#2.02.04 |

| Field | Value |
|---|---|
| id | RULI_a9e553d55e3206544e3e57c4d851fd47 |
| oai_identifier_str | oai:repositorio.ulima.edu.pe:20.500.12724/12711 |
| network_acronym_str | RULI |
| network_name_str | ULIMA-Institucional |
| repository_id_str | 3883 |
| dc.title.en_EN.fl_str_mv | Systematic mapping of the literature on Secure Software Development |
| dc.contributor.author.fl_str_mv | Nina Hanco, Hernán; Pow Sang, Jose Antonio; Villavicencio, Monica |
| dc.contributor.other.none.fl_str_mv | Nina Hanco, Hernán |
| dc.subject.en_EN.fl_str_mv | Software development; Computer security |
| dc.subject.es_PE.fl_str_mv | Desarrollo de software; Seguridad informática |
| dc.subject.ocde.none.fl_str_mv | https://purl.org/pe-repo/ocde/ford#2.02.04 |
| description | The accelerated growth in exploiting vulnerabilities due to errors or failures in the software development process is a latent concern in the Software Industry. In this sense, this study aims to provide an overview of the Secure Software Development trends to help identify topics that have been extensively studied and those that still need to be. Therefore, in this paper, a systematic mapping review with PICo search strategies was conducted. A total of 867 papers were identified, of which only 528 papers were selected for this review. The main findings correspond to the Software Requirements Security, where the Elicitation and Misuse Cases were reported more frequently. In Software Design Security, recurring themes are security in component-based software development, threat model, and security patterns. In the Software Construction Security, the most frequent topics are static code analysis and vulnerability detection. Finally, in Software Testing Security, the most frequent topics are vulnerability scanning and penetration testing. In conclusion, there is a diversity of methodologies, models, and tools with specific objectives in each secure software development stage. |
| publishDate | 2021 |
| dc.date.accessioned.none.fl_str_mv | 2021-03-15T20:14:01Z |
| dc.date.available.none.fl_str_mv | 2021-03-15T20:14:01Z |
| dc.date.issued.fl_str_mv | 2021 |
| dc.type.none.fl_str_mv | info:eu-repo/semantics/article |
| dc.type.other.none.fl_str_mv | Artículo en Scopus y Web of Science |
| format | article |
| dc.identifier.citation.es_PE.fl_str_mv | Nina, H., Pow-Sang, J.A. & Villavicencio, M. (2021). Systematic mapping of the literature on Secure Software Development. IEEE Access, 9, 36852 - 36867. https://doi.org/10.1109/ACCESS.2021.3062388 |
| dc.identifier.issn.none.fl_str_mv | 2169-3536 |
| dc.identifier.uri.none.fl_str_mv | https://hdl.handle.net/20.500.12724/12711 |
| dc.identifier.journal.none.fl_str_mv | IEEE Access |
| dc.identifier.isni.none.fl_str_mv | 0000000121541816 |
| dc.identifier.wosid.none.fl_str_mv | WOS:000628903500001 |
| dc.identifier.doi.none.fl_str_mv | https://doi.org/10.1109/ACCESS.2021.3062388 |
| dc.identifier.scopusid.none.fl_str_mv | 2-s2.0-85101857461 |
| dc.language.iso.none.fl_str_mv | eng |
| dc.relation.ispartof.none.fl_str_mv | urn:issn:2169-3536 |
| dc.rights.*.fl_str_mv | info:eu-repo/semantics/openAccess |
| dc.rights.uri.*.fl_str_mv | https://creativecommons.org/licenses/by-nc-sa/4.0/ |
| dc.format.none.fl_str_mv | application/html |
| dc.publisher.none.fl_str_mv | IEEE |
| dc.publisher.country.none.fl_str_mv | US |
| dc.source.none.fl_str_mv | Repositorio Institucional - Ulima; Universidad de Lima; reponame:ULIMA-Institucional; instname:Universidad de Lima; instacron:ULIMA |
| instname_str | Universidad de Lima |
| instacron_str | ULIMA |
| institution | ULIMA |
| reponame_str | ULIMA-Institucional |
| collection | ULIMA-Institucional |
| bitstream.url.fl_str_mv | https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12711/2/license_rdf ; https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12711/3/license.txt |
| bitstream.checksum.fl_str_mv | 8fc46f5e71650fd7adee84a69b9163c2 ; 8a4605be74aa9ea9d79846c1fba20a33 |
| bitstream.checksumAlgorithm.fl_str_mv | MD5 ; MD5 |
| repository.name.fl_str_mv | Repositorio Universidad de Lima |
| repository.mail.fl_str_mv | repositorio@ulima.edu.pe |

Important note:
The information contained in this record is the sole responsibility of the institution that manages the institutional repository where this document or data set is held. CONCYTEC is not responsible for the content (publications and/or data) accessible through the Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).