
A Hybrid Approach Using Survey and ISM Analysis for Security Coding Risks and Best Practices for GSD Enterprises
  • Rafiq Khan,
  • Azeem Akbar,
  • Hathal Salamah Alwageed,
  • Abdulrahman Alzahrani,
  • Musaad Alzahrani
Rafiq Khan, Northwestern Polytechnical University (corresponding author: rafiqahmadk@gmail.com)
Azeem Akbar, LUT University
Hathal Salamah Alwageed, Jouf University
Abdulrahman Alzahrani, University of Jeddah
Musaad Alzahrani, Al Baha University

Abstract

Global software development (GSD) offers quality results, cost-effectiveness, and uninterrupted project delivery. However, integrating security into GSD remains a challenge. This study aims to enhance security in GSD projects by developing a hybrid approach that combines an empirical survey with Interpretive Structural Modelling (ISM). Initially, we identified 13 major security-coding risks and 82 practices to mitigate them through a systematic literature review and a questionnaire survey of 50 GSD security experts. We then invited 13 experts to analyze the interrelationships among the practices using ISM. The ISM analysis revealed that, among the identified security-coding practices, “never submit security measures to illegitimate authority”, “avoiding buffer overflow and format string vulnerabilities”, “control the brute force attack”, and “identify a middleman attack” are fully dependent, whereas “avoid revealing information to achieve a secure design” is entirely independent within the GSD security context. The study aids GSD professionals in assessing their readiness to establish contractual trust, understanding the strengths and weaknesses of their current process, and addressing urgent issues in secure software development processes.