Professional Documents
Culture Documents
net/publication/353306538
CITATIONS READS
0 610
3 authors, including:
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Prakash Chandra Behera on 17 July 2021.
RESEARCH ARTICLE
Prakash Chandra Behera 1*, Chinmaya Dash1 and Santosh Kumar Yadav2
Research Scholar, Shri JJT University, Rajasthan, St. Claret College, Bangalore, Karnataka, India
1
This is an Open Access Journal / article distributed under the terms of the Creative Commons Attribution License
(CC BY-NC-ND 3.0) which permits unrestricted use, distribution, and reproduction in any medium, provided the
original work is properly cited. All rights reserved.
ABSTRACT
Developing secure software is really a challenge now for all types of software industry like small or big
industry. Security is an essential part of any type of software development. There is a number of
drawbacks to our existing system of software development. Starting from Conceptualization to the last
phase of an SDLC. Software security does not depend on maintaining security in each step of software
development but also it depends on the technology we are using for maintaining the security of the
software. In this paper, we did a literature review to identify the basic security challenges during
development of a software and also pointing out research gap. Here around sixty research articles are
reviewed related to software issues or software security.
INTRODUCTION
The country like India is one of the quickest developing economies of the existence where the monetary development
has consistently speed up and stable. IT area has arisen as a profoundly energetic and dynamic area of the Indian
economy. Developing secure software is really a challenge now for all types of software industry like small or big
industry. Security is an essential part of any type of software development. There are number of drawbacks to our
existing system of software development. Starting from Conceptualization to the last phase of an SDLC, Software
security does not depend on maintaining security in each step of software development but also it depends on the
technology we are using for maintaining the security of the software. In the present Scenario, effective usage of data
32037
Indian Journal of Natural Sciences www.tnsroindia.org.in ©IJONS
innovation projects is a basic key and serious need for firms in every single mechanical area. Because of cost invades,
plan delays, unfilled necessities and low quality, IT projects are not effectively encouraging norm. There are a few
practices and achievement factors for keeping up the norm of activities however extends still keep on fizzling.
Sustaining quality of IT projects is a critical task. IT projects have not successfully facilitated standard due to cost
involved in project completion, required resources along with inefficient risk & stakeholder. Few customer-oriented
approaches enhance the efficiency of software development process along with elimination of waste and
improvement of flow of productivity during software development & maintenance and get acknowledged positively
by the IT organizations during project development. A Software Development is a list of interrelated steps for the
developing a software or system. It is also a flow of interrelated steps where each step depends on its previous steps
output completely. Each step follows a list of predefined activity as their stage role. Like beginning from requirement
analysis to the last step of software maintenance. There are many models are available for the development of
software like the waterfall model, iterative model, spiral model, agile and lean.
32038
Indian Journal of Natural Sciences www.tnsroindia.org.in ©IJONS
32039
Indian Journal of Natural Sciences www.tnsroindia.org.in ©IJONS
functionality of each model and going through thoroughly. In the year 2013, the authors Srikrishnan Sundararajan,
Bhasi M., Pramod K.V, have written a paper on , “An Empirical Study of Industry Practice in Software Development
Risk Management”,[23] in this paper authors propose a model for chance organization appropriate to non-in-house
adventures and moreover explain the unquestionable features of our model in assessment with the current
composition on programming peril, in that model the key community zones of programming danger the board in
reallocated endeavors to achieve the best outcome. In the year 2017,the authors, Malek Al-Zewairi1, Mariam
Biltawi1, Wael Etaiwi1, Adnan Shaout, have written a paper on, “Agile Software Development Methodologies:
Survey of Surveys”,[25] in this paper author made a comparative study on various tools used by different author on
agile process, they made study by comparer and review method (CR) and the proposed agile methods that have not
been tended to till now in some other writing survey were looked into and thought about as far as where the
progressions that they proposed lay on the SDLC. In the year 2014, the authors, Haneen Hijazi, Msc, Shihadeh
Alqrainy, Hasan Muaidi, Thair Khdour, have written a paper on, “RISK FACTORS IN SOFTWARE DEVELOPMENT
PHASES”, [27] in this paper authors made a comparative study of many major risk factor associated with software
development in SDLC. Around 100 risk factors were addressed in the paper which are mostly common risk factors in
all software development and in all software industry. In the year 2014, the author, Kavita Sahu, Rajshree, Rajeev
Kumar, have written a paper on, “Risk Management Perspective in SDLC”, [28] in this paper authors have tried to
combine between software security and software risk in a solitary string. It is a finished procedure that will assist a
designer with choosing most suitable risk the board plan for giving software greater security and build up a real
existence cycle is proposed which will assist with recognizing and moderate dangers at the beginning phase of
development. In the year 2018, the author, Shams Tabrez Siddiqui, have written a paper on, “Significance of Security
Metrics in Secure Software Development”, [30] in this paper authors make an investigation on security
measurements of programming improvement stages and some normalized models for approval. In the investigation
each phase of measurements and contrasted with one another and the end result are noted. The product got from the
proposed security measurements of the product will be secure and more qualityiable In the year 2014, the authors,
Nikhat Praveen, Md. Rizwan Beg, M. H. Khan, have published a paper on,” Software Security Issues: Requirement
Perspectives”, [31] in this paper the author examine 21 issues identified with security with separate to prerequisite
which can evacuate the all the security threats in start of improvement life cycle. By remembering these issues,
working individuals in the zone of software security can ready to assemble increasingly secure software and
furthermore the objectives of security can without much of a stretch be distinguished. In the year 2015, the authors,
Manoj1, Shabnam Sangwan2, have written a paper on, “Information Security requirement in Project Development
Life Cycle”,[33] in this paper the author discovers how data security could be increment and build up another
system and new philosophy that can help coordinate data security in venture improvement life cycle procedures and
Information Security contribution in Software Project Development Life Cycle. In the year 2017, the author, Dr Rajesh
Kapur, have written a research paper on, “A stochastic model to enhance information security in software
development through risk management”, [37] in this paper author develop a model to identify different threats in
overall information security management. In the year 2015, the authors, Usman Rafi, Tasleem Mustafa, Nayyar Iqbal,
Waseeq-Ul-Islam Zafar, have written a research paper on,” US-Scrum: A Methodology for Developing Software with
Enhanced Correctness”, [38] in this paper authors develop a model on FDD and scrum principle to improve quality
and security of a software and also this model provide more quality production using the concept verification and
validation process. In the year 2016, the authors, Ruchi Sharma, Priyanka Mehta, have written a research paper on,
“Implementation of Fuzzy Logic for Introducing Security at Process Level in Agile Development”, [40]in this paper
the authors highlight different concern of security requirement of the project using agile process using fuzzy logic
technique which use java language and GUI.
Research Finding
1. Security measures in SDLC checkpoints: Security rules are remembered for each SDLC stage's entrance and leave
checkpoints.
2.Secure software standards and practices: All improvement measures and their ancient rarities adjust to make sure
about engineering, plan, coding and reconciliation, and testing standards and practices, for example, those depicted
in later areas of this report.
3. Adequate necessities: Elicitation, inference, and determination of prerequisites incorporates satisfactory, complete
necessities for imperatives on the product's usefulness and conduct ("negative" prerequisites) just as non-utilitarian
necessities relating to improvement and assessment measures, operational limitations, and so forth., to guarantee the
product's steadfastness, reliability, and versatility.
4. Secure coding: Includes both coding and reconciliation of programming parts.
Coding follows secure coding practices and clings to make sure about coding principles. Static security investigation
of code is performed iteratively all through the coding cycle, to guarantee that security issues are found and wiped
out before code is delivered for unit testing and reconciliation.
5. Secure programming incorporation: Software units/modules/parts are coordinated in light of the accompanying
contemplations: Guaranteeing that all automatic interfaces and technique calls are naturally secure or that security
systems are added to make sure about them
6. Security testing: Appropriate security-arranged audits and tests are performed all through the SDLC. Tests plans
incorporate situations incorporate strange and antagonistic conditions among "foreseen conditions" under which the
product may work, and test standards incorporate those that empower the analyzer to decide if the product fulfills
its prerequisites for constancy, dependability, and survivability under totally foreseen conditions. The survey and
test system incorporates a wide enough assortment and mix of tests to empower the analyzer to decide if the product
fulfills its prerequisites for constancy, dependability, and survivability under conditions.
7. Secure circulation and organization: Distribution and sending follows secure practices, which include:
a. Completely "cleaning" the product executable(s) to eliminate hazardous coding builds and installed delicate
information, engineer indirect accesses, and so on., before move to download site(s).
b. Dispersion on media or through interchanges channels that satisfactorily shield the product from altering when it
is in transit to its buyer or installer this may incorporate use of advanced marks or computerized rights the
executives’ systems to forestall altering or unapproved/unlicensed establishment
c. Default arrangement settings that are maximally prohibitive, with the design direct adequately instructive and
nitty gritty that it empowers the installer to settle on educated danger based choices about reconfiguring the product
with less-prohibitive settings if vital
d. Comprehensible, exact client, director, and installer documentation that unmistakably clarifies every necessary
requirement and security highlights of the product.
8. Secure sustainment: Maintenance, weakness the executives, and fix issuance and dissemination adjust to make
sure about sustainment standards and practices. Programming clients are urged to apply fixes and keep
programming refreshed, to limit pointless presentation of weaknesses.
9. Supportive advancement instruments: Development, testing, and organization apparatuses and stages that
upgrade security of created relics and backing secure improvement rehearses are utilized all through the SDLC.
32041
Indian Journal of Natural Sciences www.tnsroindia.org.in ©IJONS
10.Secure design the board frameworks and cycles: Secure programming arrangement the executives and
form/change control of the advancement ancient rarities as a countermeasure against disruption of those curios by
malignant engineers, analyzers, or other SDLC "insiders"
11. Security-learned designers: The security the information the engineer needs will explain the immediate
connection between security standards and programming building rehearses. Security instruction and preparing of
designers needs to go past basically clarifying what security ideas and standards are significant. It needs to address
the useful manners by which those ideas and standards straightforwardly apply to the designing practices by Which
programming is imagined, executed, and supported. The instruction/preparing ought to be adequate to empower the
designer to recognize security-upgrading and security-compromising programming rehearses, and to certainly and
skilfully grasp the previous.
Problem Statement
After studying and exiting propose model and research on security in software development process, in all big
software industry are following different methodology for developing secure software, but in case small software
industry it quite difficult to adopt new technology or tools for developing secure software.
1. Is the agile procedure will assist with improving security in software development in small software firm?
2. Is the Hybrid model of waterfall and agile will assist with improving security in software development?
3. Would Agile-Lean model be appreciated and adopted by the small software firm to develop
Research Methodology
For carrying out the first objective, a rigorous review of literature will be carried out by referring indexed
journals in Computer science and Engineering field.
For carrying out the second objective, we carry out questionnaire survey; a well-structured questionnaire will be
prepared and analysed using IBM SPSS tool.
For carrying out the third objective, a mathematical model using machine learning techniques will be developed
and tested in selected SME’s
A comparative study using quality control tools will be carried out.
CONCLUSION
Development of secure software is a challenge to all types of industries like big or small software firms, so small
software firms may face different type of attack during the development process or after the development of the
software which will leads to many expanses so developing secure software is an integral part for small software
industry. Our future research to develop a secure model for small firm which will help social and economic growth.
32042
Indian Journal of Natural Sciences www.tnsroindia.org.in ©IJONS
3. There is no such research to identify different issues in secure software development for small industry.
ACKNOWLEDGMENT
The author is thankful to all the authors whose references are included
REFERENCES
1. Hala Assal and Sonia Chiasson, Carleton University, (August 12–14, 2018), “Security in the Software
Development Lifecycle”, In the Proceedings of the Fourteenth Symposium on Usable Privacy and Security,
Baltimore, MD, USA, ISBN 978-1-939133-10-6.
2. Nor Shahriza Abdul Karim1, Arwa Albuolayan1, Tanzila Saba1 and Amjad Rehman2, Saudi Arabia, “The
practice of secure software development in SDLC: an investigation through existing model and a case study”,
SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 2016; 9:5333–5345, Published
online 16 November 2016 in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.1700.
3. Nooper Davis,” Secure Software Development Life Cycle Processes”, Software Engineering Institute Carnegie
Mellon University, PA 15213-2612, July 2013.
4. James E.” Building Security into the System Development Life Cycle (SDLC) A Case Study “SANS software
institute, Last Updated: January 29th, 2020.
5. E-Devlet Uygulamalarının Çevik Geliştirme Süreçlerinde Güvenli Yazılım,” Secure Software Development in
Agile Development Processes of E-Government Applications”. The Journal of International Scientific Researches
2018, 3(1).
6. Ruchi Dabey1, Vishnu Kumar2, “Improve Security in a Software Development Life Cycle”, International Journal
of Engineering Sciences & Research Technology [399-405], ISSN: 2277-9655, [Dabey, 1(7): Sep., 2012], Page. No
[399-405].
7. Malik Imran Daud, “Secure Software Development Model: A Guide for Secure Software Life Cycle” July
2010.ResearchGate.
8. Syed Rizwan Ahmed, “Secure Software Development - Identification of Security Activities and Their Integration
in Software Development Lifecycle”, Master Thesis Software Engineering Thesis no: MSE-2007-12 March 2007,
School of Engineering Blekinge Institute of Technology Box 520 SE – 372 25 Ronneby Sweden.
9. Dejan Baca, “Developing Secure Software - in an Agile Process, School of Computing Publisher: Blekinge
Institute of Technology, SE-371 79 Karlskrona, Sweden Printed by Printfabriken, Karlskrona, Sweden 2012 ISBN:
978-91-7295-229-4 ISSN 1653.
10. Marco M. Morana Senior Consultant Foundstone Professional Services a Division of McAfee, a white paper on
“Building Security into The Software Life Cycle a Business Case”.
11. Sanjay Kumar,” Security Enhancement in Software Development Life Cycle”, IJSTE - International Journal of
Science Technology & Engineering | Volume 3 | Issue 06 | December 2016 ISSN (online): 2349-784X.
12. Fortify an HP Company, a white paper, “Seven Practical Steps to Delivering More Secure Software”, January
2011.
13. Noopur Davis, “Secure Software Development Life Cycle Processes: A Technology Scouting Report” Technical
Note CMU/SEI-2005-TN-024.
14. Benedikt Mas y Parareda and Jonathan Streit, itestra GmbH, Ludwigstrasse 35, 86916 Kaufering, Germany
“Software Quality Modelling Put into Practice”, TUM-I0811 April 08, TUM-INFO-04-I0811-0/1.-FI.
32043
Indian Journal of Natural Sciences www.tnsroindia.org.in ©IJONS
15. Karen Mercedes Gentzel Information Assurance Technology Analysis Centre (IATAC), “Software Security
Assurance “State-of-the-Art Report (SOAR) July 31, 2007. Information Assurance Technology Analysis Center
(IATAC) Data and Analysis Centre for Software (DACS) Joint endeavour by IATAC with DACS.
16. Syed Mohd.Shahe Alam1, Prof. (Dr.) Sanjay Kumar Singh2, Dr. Suhel Ahmad Khan3, “Security Estimation
Framework for Development of Secure Software and Cyber Attacks”, International Journal of Engineering and
Management Research Page Number: 146-154, Volume-7, Issue-3, May-June 2017, ISSN (ONLINE): 2250-0758,
ISSN (PRINT): 2394-6962.
17. S. Preda, N. Cuppens-Boulahia, F. Cuppens, J. Garcia-Alfaro, and L. Toutain, “Model-driven Security
PolicyDeployment: Property Oriented Approach”, IT TELECOM Bretagne CS 17607, 35576 Cesson-S´evign´e,
France, hal-00540842, version 1 - 29 Nov 2010.
18. Sumit S Dadhwal, “Secure Software Policy”, CSCI – E41 Secure Software Development, ©ACME Retail – All
Rights Reserved.
19. Amjad Hudaib1, Mohammad AlShraideh1, Ola Surakhi1, Mohammad Khanafseh1, “A Survey on Design
Methods for Secure Software Development”, International journal of Computers and Technology, I S S N -2 2 7 7
- 3061, V o l u m e 1 6, N u m b e r 7.
20. MOUTASM TAMIMI1, FATIMAH ALGHAMDI2 & AHID YASEEN3, “A systematic snapshot review of
custom-made software enterprises from the development perspectives”, International Journal of Information
Systems Management Research & Development (IJISMRD) ISSN (P): 2250-236X; ISSN (E): 2319-4480 Vol. 9, Issue
1, Jun 2019, 1-24.
21. Sabbir M Saleh, M Ashikur Rahman, K Ali Asgor, “Comparative Study on the Software Methodologies for
Effective Software Development”, International Journal of Scientific & Engineering Research, Volume 8, Issue 4,
April-2017, ISSN 2229-5518
22. Mamdouh Alenezi, Sadiq Almuairfi, “Security Risks in the Software Development Lifecycle”, International
Journal of Recent Technology and Engineering (IJRTE) ISSN: 2277-3878, Volume-8 Issue-3, September 2019.
23. Srikrishnan Sundararajan, Bhasi M., Pramod K.V.”An Empirical Study of Industry Practice in Software
Development Risk Management “,International Journal of Scientific and Research Publications, Volume 3, Issue
6, June 2013 , ISSN 2250-3153.
24. Maurice Dawson1,2, Darrell Norman Burrell3,4, Emad Rahim5,6 and Stephen Brewster7,” Integrating software
assurance into the software development life cycle (sdlc)”, journal of information systems technology &
planning, JISTP - Volume 3, Issue 6 (2010), pp. 49-53. ©2010 Published by Intellect Base International
Consortium, USA.
25. Malek Al-Zewairi1, Mariam Biltawi1, Wael Etaiwi1, Adnan Shaout2, “Agile Software Development
Methodologies: Survey of Surveys”, Journal of Computer and Communications, 2017, 5, 74-97, ISSN Online:
2327-5227 ISSN Print: 2327-5219.
26. C. Banerjee1, S. K. Pandey2, “Research on Software Security Awareness: Problems and Prospects”, ACM
SIGSOFT Software Engineering Notes, September 2010 Vol 35, Number 5.
27. Haneen Hijazi,Shihadeh Alqrainy, Hasan Muaidi, Thair Khdour, “Risk factors in software development
phases”, European Scientific Journal January 2014 edition vol.10, No.3 ISSN: 1857 – 7881 (Print) e - ISSN 1857-
7431.
28. Kavita Sahu, Rajshree, Rajeev Kumar, “Risk Management Perspective in SDLC”, International Journal of
Advanced Research in Computer Science and Software Engineering, ISSN: 2277 128X, Volume 4, Issue 3, March
2014.
29. Shams Tabrez Siddiqui, “Significance of Security Metrics in Secure Software Development”, International
Journal of Applied Information Systems (IJAIS) – ISSN: 2249-0868 Foundation of Computer Science FCS, New
York, USA Volume 12 – No. 6, August 2017.
30. Nikhat Parveen, Md. Rizwan Beg, M. H. Khan,” Software Security Issues: Requirement
Perspectives”,International Journal of Scientific & Engineering Research, Volume 5, Issue 7, July-2014, ISSN
2229-5518.
32044
Indian Journal of Natural Sciences www.tnsroindia.org.in ©IJONS
31. Shafagat Mahmudova, “Some Methods for Software Security”, SOCIETY FOR SCIENCE AND EDUCATION
UNITED KINGDOM, ISSN: 2054 -7420.
32. Manoj1, Shabnam Sangwan2. Information Security requirement in Project Development Life Cycle. International
Journal of Advance Research in Computer Science and Management Studies. Volume 3, Issue 3, March 2015,
ISSN: 232 7782 (Online).
33. Chinmaya, D & Ramesh, D & Prakash CB, (2016). Software Quality Management: A Process to Improve the
Quality of Software Project Using SQA. International Journal of Computer Science and Information
Technologies, ISSN 0975 – 9646.
34. M. Upendra Kumar, “Literature Survey on Agile Security Architecture Model”, SSRG International Journal of
Mobile Computing & Application (SSRG – IJMCA) – Volume1 Issue 1 May to Aug 2014.
35. Nathan Newton, Craig Anslow, Andreas Drechsler,” Information security in agile software development
projects: a critical success factor perspective”, Newton et al. / Information Security in Agile Development.
36. Dr Rajesh Kapur, “A stochastic model to enhance information security in software development through risk
management”, International Journal of Engineering Science Invention Research & Development; Vol. IV, Issue
IV, OCTOBER 2017 www.ijesird.com, E-ISSN: 2349-6185.
37. Usman Rafi, Tasleem Mustafa, Nayyar Iqbal, Waseeq-Ul-Islam Zafar,” US-Scrum: A Methodology for
Developing Software with Enhanced Correctness, Usability and Security”, International Journal of Scientific &
Engineering Research, Volume 6, Issue 9, September-2015, ISSN 2229-5518.
38. Mary Walowe Mwadulo,” Suitability of Agile Methods for Safety-Critical Systems Development: A Survey of
Literature”, International Journal of Computer Applications Technology and Research Volume 5– Issue 7, 465 -
471, 2016, ISSN: - 2319–8656.
39. Ruchi Sharma, Priyanka Mehta,” Implementation of Fuzzy Logic for Introducing Security at Process Level in
Agile Development”, International Journal of Latest Trends in Engineering and Technology (IJLTET) ISSN:
2278-621X, Vol 7 issue 2 July 2016.
40. Dash, Chinmaya. (2020). A Roadmap from Design Thinking to Agile Methodology for Software Development
Life Cycle. Software Engineering and its Application: A Hand Book. 978-93-88879-84-2.
41. Prakash, B & Chinmaya, D & Chandramma, R & Piyush, P & Aditya, P. (2019). An Innovative Approach to
Perform Software Defect Prediction. International Journal of Computer Sciences and Engineering. 2347-2693
42. Dash, Chinmaya & Behera, Prakash. (2020). A Review on Agile Methodology and Lean Software Development.
Software Engineering and its Application: A Hand Book. 978-93-88879-84-2.
43. Aditya, P & Chinmaya, D & Prakash, B & Piyush, P. (2019). Adaptation of Six Sigma Method in Software
Development. International Journal of Computer Sciences and Engineering. 2347-2693
44. Behera, Prakash & Dash, Chinmaya & Mohapatra, Somanjoli. (2020). An Approach to Analysis the Reusability
of the Object-Oriented Software. Development. Software Engineering and its Application: A Hand Book. 978-93-
88879-84-2.
45. Sandhya, S & Pareek, Piyush & Behera, Prakash & Dash, Chinmaya. (2020). An Empirical Study on Wastes in
Software Development. Development. Software Engineering and its Application: A Hand Book. 978-93-88879-
84-2.
46. Behera P.C., Dash C., Pareek P.K. (2021) A Novel Approach for Improving Security in Software
Development in Small Software Firms: A Literature Review. In: Tavares J.M.R.S., Chakrabarti S.,
Bhattacharya A., Ghatak S. (eds) Emerging Technologies in Data Mining and Information Security. Lecture
Notes in Networks and Systems, vol 164. Springer, Singapore. https://doi.org/10.1007/978-981-15-9774-9_64
47. Dash C., Behera P.C., Pareek P.K. (2021) Literature Survey on Exploratory Analysis of Waste in IT
Industries During Project Development Using Agile–Lean Practices. In: Tavares J.M.R.S., Chakrabarti S.,
Bhattacharya A., Ghatak S. (eds) Emerging Technologies in Data Mining and Information Security. Lecture
Notes in Networks and Systems, vol 164. Springer, Singapore. https://doi.org/10.1007/978-981-15-9774-9_65
32045