
Exploring software security approaches in software development lifecycle: A systematic mapping study


Abstract

There is an increasing use of security-driven approaches to support software development activities, such as requirements, design and implementation. The objective of this paper is to identify the existing software security approaches used in the software development lifecycle (SDLC). To meet this goal, we conducted a systematic mapping study to identify the primary studies on the use of software security techniques in the SDLC. In total, we selected and categorized 118 primary studies. After analyzing the selected studies, we identified 52 security approaches and categorized them into five main categories, namely, 'secure requirements modeling', 'vulnerability identification, adaption and mitigation', 'software security focused process', 'extended UML-based secure modeling profiles', 'non UML-based secure modeling notations'. The results show that the most frequently used approaches are static analysis and dynamic analysis, which provide security checks in the coding phase. In addition, our results show that many studies in this review considered security checks around the coding stage of software development. This work will assist software development organizations in better understanding the existing software security approaches used in the software development lifecycle. It can also provide researchers with a firm basis on which to develop new software security approaches.

Bibliographic record

  • Source
    Computer standards & interfaces | 2017, Issue 2 | pp. 107-115 | 9 pages
  • Author affiliations

    Information of Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia;

    Information of Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia,Faculty of Computing, Riphah International University, Islamabad, Pakistan;

    Information of Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia;

    Information of Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia;

  • Indexed in: Science Citation Index (SCI), USA; Engineering Index (EI), USA
  • Original format: PDF
  • Language of text: eng
  • Chinese Library Classification
  • Keywords

    Systematic mapping study; Empirical study; Software development life cycle; Software security;

