Authors: Hassan Saeed, Imran Shafi, Jamil Ahmad, Adnan Ahmed Khan, Tahir Khurshaid, Imran Ashraf
Affiliations: [1] College of Electrical and Mechanical Engineering, National University of Sciences and Technology (NUST), Rawalpindi, 46604, Pakistan [2] Department of Computer Science, Abasyn University Islamabad Campus, Islamabad, 45510, Pakistan [3] Military College of Signals, National University of Sciences and Technology (NUST), Rawalpindi, 46600, Pakistan [4] Department of Electrical Engineering, Yeungnam University, Gyeongsan, 38541, Republic of Korea [5] Department of Information and Communication Engineering, Yeungnam University, Gyeongsan, 38541, Republic of Korea
Source: Computers, Materials & Continua, 2025, Issue 1, pp. 139-172 (34 pages)
Abstract: Software-related security aspects are a growing and legitimate concern, especially with 5G data available right at our fingertips. To conduct research in this field, periodic comparative analysis is needed as new techniques emerge rapidly. The purpose of this study is to review recent developments in the field of security integration in the software development lifecycle (SDLC) by analyzing the articles published in the last two decades and to propose a way forward. This review follows Kitchenham's review protocol. The review is divided into three main stages: planning, execution, and analysis. From the 100 selected articles, it becomes evident that a collaborative approach is necessary for addressing critical software security risks (CSSRs) through effective risk management and estimation techniques. Quantifying risks on a numeric scale enables a comprehensive understanding of their severity, facilitating focused resource allocation and mitigation efforts. Through a comprehensive understanding of potential vulnerabilities and proactive mitigation efforts facilitated by protection poker, organizations can prioritize resources effectively to ensure the successful outcome of projects and initiatives in today's dynamic threat landscape. The review reveals that threat analysis and security testing are the areas where automated tools need to be developed in the future. Accurate estimation of the effort required to prioritize potential security risks is a major challenge in software security. The accuracy of effort estimation can be further improved by exploring new techniques, particularly those involving deep learning. It is also imperative to validate these effort estimation methods to ensure all potential security threats are addressed. Another challenge is selecting the right model for each specific security threat. To achieve a comprehensive evaluation, researchers should use well-known benchmark checklists.
Keywords: Software development lifecycle; systematic literature review; critical software security risks; National Institute of Standards and Technology; DevSecOps; Open Web Application Security Project; McGraw's touch points
Classification: TP311.52 [Automation and Computer Technology - Computer Software and Theory]