A SWOT Analysis of Software Development Life Cycle Security Metrics

• Published in: Journal of software : evolution and process Vol. 37; no. 1
• Main Authors: Khalid, Ayesha, Raza, Mushtaq, Afsar, Palwasha, Khan, Rafiq Ahmad, Mohmand, Muhammad Ismail, Rahman, Hanif Ur
• Format: Journal Article
• Language: English
• Published: Chichester Wiley Subscription Services, Inc 01.01.2025
• Subjects: Criteria; Cybersecurity; Literature reviews; secure software development; security metrics; Software; Software development; software development life cycle; software engineering; software security; SWOT analysis; systematic literature review; Threat evaluation
• ISSN: 2047-7473; 2047-7481
• DOI: 10.1002/smr.2744

ABSTRACT Cyber security is an ongoing and critical concern due to persistent threats posed by threat actors, such as hackers and crackers. With the development of information and communication technologies (ICT), the widespread usage of software systems has transformed modern society in many ways but also created new issues in protecting confidential and sensitive information. The quantification of security measures can provide evidence to support decision‐making in software security, particularly when assessing the security performance of software systems. This entails understanding the key quality criteria of security metrics, which can assist in constructing security models aligned with practical requirements. To delve deeper into this subject, the current study conducted a systematic literature review (SLR) on security metrics and measures within the realm of secure software development (SSD). The study selected 61 research publications for data extraction based on the specific inclusion and exclusion criteria. The study identified 215 software security metrics and classified them into different phases of software development life cycle (SDLC). In order to evaluate the most cited metrics in each phase of SDLC, the strengths, weaknesses, opportunities, and threats (SWOT) analysis was performed. The SWOT analysis offers a structured framework enabling researchers to make more effective, well‐informed decisions and mitigate potential risks, ultimately contributing to more valuable research findings. The study's findings provide researchers guidance for exploring emerging trends and addressing existing gaps in SDLC. This study also provides software professionals with a more comprehensive understanding of security measurements, constraints, and open‐ended specific and general issues. This paper presents a comprehensive SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis of security metrics applied within the Software Development Life Cycle (SDLC). By evaluating key metrics such as secure testing, implementation, design, and maintenance, the study identifies their strengths in enhancing software resilience and highlights gaps in under‐prioritized areas like secure maintenance. Opportunities for integrating advanced tools and frameworks are discussed, alongside emerging threats posed by evolving cybersecurity challenges. The findings offer actionable insights for optimizing the use of security metrics across the SDLC to strengthen overall software security