ABSTRACT
Software deployment is the last stage of the software development life cycle (SDLC). It includes the execution of software in a customer environment. Nowadays, security has been integrated with the SDLC stages to produce secure software, improve software quality, and increase customer satisfaction. However, the software has become complex in recent execution environments, putting more pressure on securely deploying the software in these environments. This work extends our previous study published in [11], in which we have identified a list of best practices to address the secure software deployment challenges.
In our previous study, we categorized secure software deployment challenges into five levels of importance: critical, high, medium, low, and very low. In this study, we provide best practices to overcome the critical-, high-, and medium-level challenges. Initially, a traditional literature review was conducted to identify best practices to overcome the challenges of secure software deployment. After that, data was collected via a questionnaire from 10 software deployment professionals to identify best practices that can be used to address the identified challenges. The outcome of this research assists software organizations in overcoming the challenges of secure software deployment. In addition, this study guides software organizations toward the secure deployment of software products.
- Paul, M. (2013). Official (ISC) 2 guide to the CSSLP CBK. CRC Press.
- Dearle, A. (2007, May). Software deployment, past, present and future. In Future of Software Engineering (FOSE'07) (pp. 269-284). IEEE.
- Mirakhorli, M., Galster, M., & Williams, L. (2020). Understanding Software Security from Design to Deployment. ACM SIGSOFT Software Engineering Notes, 45(2), 25-26.
- Shahin, M., Babar, M. A., & Zhu, L. (2017). Continuous integration, delivery and deployment: a systematic review on approaches, tools, challenges and practices. IEEE Access, 5, 3909-3943.
- Claps, G. G., Svensson, R. B., & Aurum, A. (2015). On the journey to continuous deployment: Technical and social challenges along the way. Information and Software technology, 57, 21-31.
- Frankel, S., Graveman, R., Pearce, J., & Rooks, M. (2010). Guidelines for the secure deployment of IPv6. NIST Special Publication, 800, 119.
- Jalalzai, M. H., Shahid, W. B., & Iqbal, M. M. W. (2015, January). DNS security challenges and best practices to deploy secure DNS with digital signatures. In 2015 12th International Bhurban Conference on Applied Sciences and Technology (IBCAST) (pp. 280-285). IEEE.
- ISO/IEC 27001. (2021). INFORMATION SECURITY MANAGEMENT [Online] Available at: https://www.iso.org/isoiec-27001-information-security.html (Accessed on: 23/2/2021).
- Forrest Shull, Janice Singer, and Dag I.K. Sjøberg. Guide to advanced empirical software engineering. 2008. ISBN: 9781848000438. DOI: 10.1007/978-1-84800-044-5.
- Keshta, I., Niazi, M., & Alshayeb, M. (2017). Towards implementation of requirements management specific practices (SP1. 3 and SP1. 4) for Saudi Arabian small and medium sized software development organizations. IEEE Access, 5, 24162-24183.
- A. Alghamdi, Azzah, and Mahmood Niazi. "Challenges of Secure Software Deployment: An Empirical Study." Proceedings of the International Conference on Evaluation and Assessment in Software Engineering 2022. 2022.
- Fritz, T., Huang, E. M., Murphy, G. C., & Zimmermann, T. (2014, April). Persuasive technology in the real world: a study of long-term use of activity sensing devices for fitness. In Proceedings of the SIGCHI conference on human factors in computing systems (pp. 487-496).
- Terry, Gareth, "Thematic analysis." The SAGE handbook of qualitative research in psychology 2 (2017): 17-37.
- “CYBERSECURITY FRAMEWORK,” NIST. [Online] Available at: https://www.nist.gov/cyberframework (Accessed on: 23/2/2023).
- ISO/IEC 27001. (2021). INFORMATION SECURITY MANAGEMENT [Online] Available at: https://www.iso.org/isoiec-27001-information-security.html (Accessed on: 23/2/2023).