Embracing security in all phases of the software development life cycle| A Delphi study

• Main Author: Deschene, Marie
• Language: EN
• Published: Capella University 2016
• Subjects: Computer engineering|Computer science
• Online Access: http://pqdtopen.proquest.com/#viewpdf?dispub=10156658

<p> Software is omnipresent from refrigerators to financial institutions. In addition to software that defines cyber system functionality, there is an increasing amount of digitized data on cyber systems. This increasing amount of easily available data has prompted a rise in attacks on cyber systems by globally organized attackers. The solution (which has been proposed by multiple authors) is to plan security into software products throughout all software development phases. This approach constitutes a change in the software development life cycle (SDLC) process. Acceptance and approval from all software development stakeholders is needed to make this type of cultural paradigm shift. A Delphi study into what would encourage software development stakeholders to accept the need for security during software development was performed. Results of the three-round Delphi study revealed education (formal and informal) would increase software development stakeholder understanding of the risks of insecure software and educate stakeholders on how to plan and write more secure software. The Delphi study also revealed that mitigation of time and resource constraints on software projects is needed to encourage software teams to embrace the need and efforts necessary to include security in all phases of the SDLC. </p>