DOI: 10.1145/3339252.3339263
research-article

Costing Secure Software Development: A Systematic Mapping Study

Published: 26 August 2019

ABSTRACT

Building more secure software is a recent concern for software engineers due to increasing incidences of data breaches and other types of cyber attacks. However, software security, through the introduction of specialized practices in the software development life cycle, leads to an increase in the development cost. Although there are many studies on software cost models, few address the additional costs required to build secure software. We conducted a systematic review in the form of a mapping study to classify and analyze the literature related to the impact of security in software development costs. Our search strategy strove to achieve high completeness by the identification of a quasi-gold-standard set of papers, which we then used to establish a search string and retrieve papers from research databases automatically. The application of inclusion/exclusion criteria resulted in a final set of 54 papers, which were categorized according to the approach to software security cost analysis. Perform Security Review, Apply Threat Modeling, and Perform Security Testing were the three most frequent activities related to cost, and Common Criteria was the most applied standard. We also identified ten approaches to estimating software security costs for development projects; however, their validation remains a challenge, which could be addressed in future studies.


Published in

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security
August 2019, 979 pages
ISBN: 9781450371643
DOI: 10.1145/3339252

Copyright © 2019 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States



Qualifiers: research-article, Research, Refereed limited

Acceptance Rates

Overall acceptance rate: 228 of 451 submissions, 51%
