An Exploratory Study Gathering Security Requirements for the Software Development Process

Software development stands out as one of the most rapidly expanding markets due to its pivotal role in crafting applications across diverse sectors like healthcare, transportation, and finance. Nevertheless, the sphere of cybersecurity has also undergone substantial growth, underscoring the escalating significance of software security. Despite the existence of different secure development frameworks, the persistence of vulnerabilities or software errors remains, providing potential exploitation opportunities for malicious actors. One pivotal contributor to subpar security quality within software lies in the neglect of cybersecurity requirements during the initial phases of software development. In this context, the focal aim of this study is to analyze the importance of integrating security modeling by software developers into the elicitation processes facilitated through the utilization of abuse stories. To this end, the study endeavors to introduce a comprehensive and generic model for a secure software development process. This model inherently encompasses critical elements such as new technologies, human factors, and the management of security for the formulation of abuse stories and their integration within Agile methodological processes.

Automated summary

Software development is a rapidly expanding market that plays a pivotal role in various sectors such as healthcare, transportation, and finance. However, the field of cybersecurity has also experienced substantial growth, emphasizing the increasing importance of software security. The neglect of cybersecurity requirements during the initial phases of software development is a significant contributor to the subpar security quality and the persisting vulnerabilities or errors. This study aims to analyze the importance of integrating security modeling into the elicitation processes through the use of abuse stories, introducing a comprehensive and generic model for secure software development.