A Preventive Secure Software Development Model for a Software Factory: A Case Study

Abstract

The number of cyberattacks has greatly increased in in the last years, as well as their sophistication and impact. For this reason, new emerging software development models are demanded, which help in developing secure by default software. To achieve this, the analysis and comparison in depth of the current models of secure software development is especially important. In this paper, a review of the most popular secure software models is presented, and a new secure software methodology is proposed, adapted to all current environments. A practical experiment in a software development company is tested, as a case study, considering data from real software projects. The results are presented and compared in two development scenarios: a classic one with a reactive security approach, and another one, emerging and preventive, that applies security by default in all phases of the software life cycle. In the case study, the total amount of vulnerabilities is reduced by 68,42%, decreasing their criticality and the temporal impact of their resolutions. In this way, software security and quality are methodologically improved with the proposed model, proving that the new emerging approach provides a more secure software.