5. Summary, Implications and Future Work
In software engineering, it is important to consider, from the beginning of a project, the practices intended to produce secure software. Requirements engineers need to examine the best practices that come with the GSD paradigm, which the vast majority of software development companies are considering. This research investigates and evaluates the security practices that requirements engineering teams need to adopt in the context of GSD, and this paper is an extension of our previously published systematic literature review.
In the first phase of this research, a questionnaire survey was conducted with GSD experts. The results of this survey were used to assess the importance of the highlighted RE security practices in real-world practice. The data collection process for the survey yielded 50 responses that were considered for the final data sample. According to the frequency analysis, these 70 RE security practices and their 11 primary categories are linked to industry practices. The survey results show that the most common security requirements engineering (SRE) practices are: well-defined client roles and resource capabilities; abuse and misuse cases; recording the rationale for security requirements; performing security requirements specification; and defining standard templates for describing authentication, authorization, immunity, privacy, integrity, non-repudiation, intrusion detection, and system maintenance security requirements. These operations yield outcomes that are inextricably tied to the software's economic value.
Secondly, in the third phase, we used the ISM technique to investigate the links among the 11 major categories of RE security practices for the SSD process in GSD organizations. According to the findings, the RE1 "Awareness of SRE" category is the top category for selecting RE practices for SSD. This shows that RE1 is an independent category in the identified list of RE practices for SSD, and all the other categories depend on it. The ISM results also show that RE3 "Requirement Elicitations" depends only on level 3 (RE1: Awareness of SRE), while all the remaining categories (RE2, RE4-RE11), which sit at level 1, depend on the level 2 category (RE3). The findings further show that the RE2 and RE4-RE11 practice categories depend on both RE3 and RE1.
The study implications for researchers and practitioners are as follows: