7. Conclusion
Software has become an indispensable part of human life, and we live
in the internet of everything. Thus, software security is critical
because a malware attack can cause extreme damage to any piece of
software while compromising integrity, authentication, and availability,
and it results in breaches of personal information, among other harms. It is
important to consider the security practices from the beginning of the
software development life cycle to develop secure software. This paper
investigates the important practices to consider in the requirements
engineering phase for SSD in the GSD domain. Conducting an empirical
study with experts, we explored 70 practices, which were taxonomized into
11 fundamental dimensions (categories) to assist GSD organizations in
specifying the requirements for SSD.
Additionally, we analyzed the interrelationship among core dimensions of
identified practices aiming to check their dependency, interdependency,
and independency. The results show that the “awareness of secure
requirement engineering” category has the most decisive influence on the
other ten core categories of the identified security practices. The
“requirements elicitation” category is fully dependent on just one
category, i.e., “awareness of secure requirement engineering,” and other
categories are fully dependent on both these categories. We further
performed the MICMAC analysis to check the right cluster of requirements
engineering categories. The results show that the “awareness of secure
requirement engineering”, “requirements elicitation”, and “analysis and
negotiations of security requirements” categories are considered driving
variable categories and have, thus, been isolated from the system. It is
noted that “methods and tools” have strong driving and dependency power
and influence other enablers owing to a strong relationship. This
renders all the categories interlinked with each other but not fully
dependent on any category. We believe the results and discussion of this
study will serve as a body of knowledge for the research and practitioner
communities to develop effective strategies for considering security
from the requirements engineering phase of software development.