The effective building of secure software systems has been addressed by security experts and software development experts through several techniques for identifying and mitigating security threats. Many techniques have been developed theoretically; however, for most of these proposals there is little empirical evidence of their application in building secure software systems. A systematic mapping has been conducted to cover the existing technologies for identification and mitigation of security threats. A total of 10 different techniques covering threat identification and 8 covering threat mitigation were found. All the initiatives were integrated into at least one activity of the Software Development Lifecycle (SDLC), while 7 show signs of being adopted in industry. The mapping found only 15 studies, which covered 11 different initiatives. Only two techniques presented scientific evidence of their results through controlled experiments, while the other selected studies presented informal case studies or examples.
|Number of pages||14|
|Publication status||Published - 1 Apr 2016|
|Event||CIBSE 2016 - XIX Ibero-American Conference on Software Engineering - Duration: 1 Apr 2016 → …|
|Conference||CIBSE 2016 - XIX Ibero-American Conference on Software Engineering|
|Period||1/04/16 → …|
Silva, P., & Astudillo, H. (2016). Software development initiatives to identify and mitigate security threats-A systematic mapping. 257-270. Paper presented at CIBSE 2016 - XIX Ibero-American Conference on Software Engineering.