A Review of Security Issues in SDLC

Nosheen Nazir, Muhammad Kashif Nazir


Software Engineers do not implement security as a continuing process in software development; they give it worth at the end of software development.  Security implementation is an essential on-going routine in each phase of the software development lifecycle. This quantitative type of research investigates the security factors in different phases of Software Development Life Cycle (SDLC) and evaluates them from the research community and software engineers. Results are analyzed by using a statistical tool (SPSS), and security rules are proposed in each step of SDLC to assist software engineers and research community.


Security in SDLC; Review of SDLC; Security Rules in Software Development.

Full Text:



N. S. A. Karim, A. Albuolayan, T. Saba, and A. Rehman, "The practice of secure software development in SDLC: an investigation through existing model and a case study," Security and Communication Networks, vol. 9, pp. 5333-5345, 2016.

N. Haridas, "Software Engineering-Security as a Process in the SDLC," SANS Institute, p. 29, 2007.

C. Banerjee and S. Pandey, "Software Security Rules, SDLC Perspective," arXiv preprint arXiv:0911.0494, 2009.

A. Sharma and P. K. Misra, "Aspects of Enhancing Security in Software Development Life Cycle," Advances in Computational Sciences and Technology, vol. 10, pp. 203-210, 2017.

A. Batcheller, S. C. Fowler, R. Cunningham, D. Doyle, T. Jaeger, and U. Lindqvist, "Building on the Success of Building Security In," IEEE Security & Privacy, vol. 15, pp. 85-87, 2017.

N. Leicht, I. Blohm, and J. M. Leimeister, "Leveraging the Power of the Crowd for Software Testing," IEEE Software, vol. 34, pp. 62-69, 2017.

C. Kumar and D. K. Yadav, "Software defects estimation using metrics of early phases of software development life cycle," International Journal of System Assurance Engineering and Management, vol. 8, pp. 2109-2117, 2017.

S. A. Aljawarneh, A. Alawneh, and R. Jaradat, "Cloud security engineering: Early stages of SDLC," Future Generation Computer Systems, vol. 74, pp. 385-392, 2017.

V. Tasril, M. B. Ginting, and A. P. U. S. Mardiana, "Threats of Computer System and its Prevention," International Journal of Scientific Research in Science and Technology, vol. 3, pp. 448-451, 2017.

C. F.-G. R. Rios, and J. Lopez, "Modelling Privacy-Aware Trust Negotiations," Computers & Security, 2017.

C. E. Landwehr and A. Valdes, "Building Code for Power System Software Security," Technical Report. IEEE Computer Society, Mar2017.

O. Tripp and O. Weisman, "Identifying stored security vulnerabilities in computer software applications," ed: Google Patents, 2018.

P. P. Choudhury, K. Dihidar, A. R. Khan, R. Verma, and P. Sarkar, "Software measurements and metrics: Role in effective software testing," Data, in Brief, vol. 3, pp. 593-596, 2017.

B. C. f. P. S. S. Security. (2017). Available: https://smartgrid.ieee.org/images/files/pdf/building_code_for_power_system_software_security.pdf

N. M. Mohammed, M. Niazi, M. Alshayeb, and S. Mahmood, "Exploring software security approaches in software development lifecycle: a systematic mapping study," Computer Standards & Interfaces, vol. 50, pp. 107-115, 2017.

S. Rajesh and A. Chandrasekar, "Esteemed software patterns for the banking system," Cluster Computing, pp. 1-13, 2017.

S. T. Siddiqui, "TSSR: a proposed tool for secure software requirement management," 2015.

D. P. Gilliam, T. L. Wolfe, J. S. Sherif, and M. Bishop, "Software security checklist for the software life cycle," in Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003. WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on, 2003, pp. 243-248.

R. A. Majid, N. L. M. Noor, W. A. W. Adnan, and S. Mansor, "A survey on user involvement in software development life cycle from practitioner's perspectives," in Computer Sciences and Convergence Information Technology (ICCIT), 2010 5th International Conference on, 2010, pp. 240-243.

G. McGraw, "Software Security," IEEE Security & Privacy, vol. 2, pp. 80-83, 2004.

R. L. Krutz and R. D. Vines, Cloud security: A comprehensive guide to secure cloud computing: Wiley Publishing, 2010.

G. Díaz and J. R. Bermejo, "Static analysis of source code security: Assessment of tools against SAMATE tests," Information and software technology, vol. 55, pp. 1462-1476, 2013.

K. Sahu, R. Shree, and R. Kumar, "Risk management perspective in SDLC," International Journal of Advanced Research in Computer Science and Software Engineering, vol. 4, 2014.

B. Potter and G. McGraw, "Software security testing," IEEE Security & Privacy, vol. 2, pp. 81-85, 2004.

P. Hope, G. McGraw, and A. I. Antón, "Misuse and abuse cases: Getting past the positive," IEEE Security & Privacy, vol. 2, pp. 90-92, 2004.

N. Ayewah, D. Hovemeyer, J. D. Morgenthaler, J. Penix, and W. Pugh, "Using static analysis to find bugs," IEEE Software, vol. 25, 2008.

S. Barnum and G. McGraw, "Knowledge for software security," IEEE Security & Privacy, vol. 3, pp. 74-78, 2005.

N. S. A. Karim, T. Saba, and A. Albuolayan, "Analysis of software security model in the scenario of Software Development Life Cycle (SDLC)," Journal of Engineering Technology (ISSN: 0747-9964), vol. 6, pp. 304-316, 2017.

J. Whitmore and W. Tobin, "Improving Attention to Security in Software Design with Analytics and Cognitive Techniques," in Cybersecurity Development (SecDev), 2017 IEEE, 2017, pp. 16-21.

S. Barnum and M. Gegick, "Build security in– Design principles, 2005," ed.

N. Davis, "Secure software development lifecycle processes: A technology scouting report," Carnegie-Mellon Univ Pittsburgh Pa Software Engineering Inst2005.

C. G. Cobb, "Fundamental Principles behind SDLC Models," Making Sense of Agile Project Management: Balancing Control and Agility, pp. 131-162, 2011.


  • There are currently no refbacks.




About ASRJETS | Privacy PolicyTerms & Conditions | Contact Us | DisclaimerFAQs 

ASRJETS is published by (GSSRR).