Effect of SDLC Models on The Perception of SSDLC Innovation Characteristics and SSDLC Adoption Intention
Wisdom Umeugo, Kimberley Lowrey, Shardul Pandya
Pages - 1 - 16     |    Revised - 28-02-2023     |    Published - 01-04-2023
Volume - 14   Issue - 1    |    Publication Date - April 2023
KEYWORDS
Software Security, SSDLC, Secure Software, Diffusion of Innovation, Adoption.
ABSTRACT
Software security remains an important issue. Security must be prioritized as a functional requirement to build secure software. Security must also be incorporated in every stage of the SDLC by practicing a secure SDLC (SSDLC). There are various SDLC models, each with emphasized priorities, strengths, and weaknesses. Increasing the security of more published software requires that SMEs, the majority of software publishers, adopt and practice the SSDLC. In promoting the SSDLC, there is a need to know if efforts should be adapted to the various SDLC models. This study empirically examined the effect of SDLC models on the innovation characteristics of the SSDLC derived from the Diffusion of Innovation theory and the intention to adopt the SSDLC. A sample of software security managers of software SMEs in the United States was surveyed for the SDLC model used, their perception of the relative advantage, trialability, observability, complexity, and compatibility of the SSDLC, and intention to adopt the SSDLC. A Kruskal-Wallis test performed on the data showed no statistically significant differences between SDLC model groups for relative advantage, compatibility, trialability, observability, complexity, and intention to adopt the SSDLC. Results also indicated that SME software security managers, on average, would be inclined to adopt the SSDLC if given the impetus. SSDLC adoption efforts can be mostly uniformly applied across the SDLC models. Software security policymakers may find the results of this study useful for SSDLC adoption policy formulation.
Dr. Wisdom Umeugo
Ph.D. University of the Cumberlands, Independent Researcher, Ottawa - Canada
wumeugo@gmail.com
Dr. Kimberley Lowrey
School of Computer and Information Sciences, University of the Cumberlands, Kentucky - United States of America
Dr. Shardul Pandya
School of Computer and Information Sciences, University of the Cumberlands, Kentucky - United States of America

