Exploring software security approaches and their limitations in SDLC

Traditionally, software security is only considered in the later stages of software development with the incorporation of security concerns as an afterthought. As a consequence, the risk of introducing new security vulnerabilities into various stages of software development lifecycles increases. Research evidence has proven that approaches to address security-related concerns are insufficient and could likely cause costly reworks. To avoid these costly mistakes, security concerns need to be addressed from the beginning of software development lifecycles all the way through to deployment and maintenance. Several approaches have been proposed in the literature for incorporating security into the SDLC from the requirements gathering phase until the maintenance and deployment. Despite the importance of these approaches, only a small amount of work has been carried out to investigate the approaches and their limitations in a systematic manner. Exploring software security approaches and their limitations are the major concern of this book to assist software development organizations in better understanding the existing software security approaches used in SDLC.