P-ISSN 0974-6846, E-ISSN 0974-5645

Indian Journal of Science and Technology


Year: 2020, Volume: 13, Issue: 26, Pages: 2601-2608

Original Article

Challenges and limitations in secure software development adoption - A qualitative analysis in Malaysian software industry prospect

Received Date: 07 June 2020, Accepted Date: 03 July 2020, Published Date: 27 July 2020

Abstract

Background/Objectives: Software developers have not consistently addressed the inclusion of security in software development from the initial design phase. As a result, there is an abundance of software systems with weak security. The objective of this study is to find the factors influencing developers' intention to adopt secure software development (SSD) practices.

Methodology: This study is based on a qualitative research methodology. Interviews were conducted with professionals working in senior positions at Malaysian software development organizations. The interviews were digitally recorded and then transcribed. In the transcribed data, frequent words and recurring concepts were highlighted, after which similar or related concepts were grouped together and categorized as themes and subthemes.

Findings: The data was analyzed using the thematic analysis method. The results revealed five main themes, each with subthemes that serve as parameters to justify the main theme. The main themes were identified in light of the interviewees' responses. The main results comprise the interviewees' demographic characteristics and the main themes identified: Adoption of SSD practices, Influencing authorities, Motivating Factors, Attitude towards SSD, and Hindrances / Issues towards SSD Adoption. Subthemes included: Security Culture, Change Management, Applications of SSD, Managers, Security Expert, Training, Incentives, Security Awareness, Performance Expectancy, Facilitating Conditions, Demographic Characteristics, Need to use SSD, No clear guidelines, Strict Project Timeline, and Lack of Security knowledge. The overall interview results show that the adoption level of secure software development practices in most of the software industry is not satisfactory.

Novelty/Applications: This research explores the factors impeding the implementation of the best security practices and the barriers to the adoption of secure software development practices. This study can be used as a guideline for implementing secure software development practices in the software industry.

Keywords: Secure software development adoption; organizational factors; software developer intention; security development; software security


Copyright

© 2020 Maher, Shah, Chandio, Mohadis, Rahim. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. Published by Indian Society for Education and Environment (iSee).
