Volume 11, Number 2

Essential Activities for Secure Software Development

  Authors

Mamdouh Alenezi and Sadiq Almuairfi, Prince Sultan University, Saudi Arabia

  Abstract

Diverse types of software are used in almost all sectors of business in the modern world. They provide mechanisms that enable buyers and sellers to interact virtually, reduce manual work in businesses and institutions, and make work a lot easier. Increased demand for software has led to increased investment, which has subsequently attracted numerous security attacks. Millions of resources are held in various software worldwide, and cyber-attack criminals have made a career of breaching software security for selfish gain, thus necessitating the development and establishment of secure software. Through a literature review, the work introduces concepts and terms used in secure software development, presents the best practices, and provides a review of the models that could be used. Confidentiality, integrity, availability, and non-repudiation are secure software terms that mean the software should be secret, safe, and accessible, and should keep a record of every activity undertaken. The proposed work advocates several best practices, among them the creation of a secure perimeter that limits access to key segments or parts of the system, in addition to reducing the attack surface, that is, reducing the opportunities available for cyberattack. With regard to the engineering of software, the paper recommends that system requirements be established before the software is created. Additional engineering ought to be done after the system has been evaluated, just before the official launch. Moreover, the paper recommends the adoption of strategies that are used by renowned software models such as the Microsoft Software Development Life-cycle, among others. Those models place secure software strategies throughout the life-cycle of software development. They recognize the need to apply secure engineering during both the design and the use of the software, because new methods of breaching software security emerge every day.
The paper concludes by noting that continued collaborative efforts to guarantee more secure software remain a pressing need. Adherence to basic secure software development and utilization practices is essential, in addition to developing additional engineering that maintains the integrity, confidentiality, and accessibility of the software.

  Keywords

Software Engineering, Software Quality, Software Security Development.