Factors Affecting the Adoption of Secure Software Practices in Small and Medium Enterprises that Build Software In-house

Article Sidebar

PDF
Published: Apr 20, 2023
DOI: https://doi.org/10.26483/ijarcs.v14i2.6955
Keywords:
software security, secure software, secure software development lifecycle, ssdlc, ssdlc adoption, diffusion of innovation

Main Article Content

Wisdom Umeugo
https://orcid.org/0000-0001-5121-0081
Kimberly Lowrey
University of the Cumberlands, Kentucky, USA
Shardul Pandya
University of the Cumberlands, Kentucky, USA

Abstract

Software has grown enormously in value because of its wide use for domestic, public, and economic activities. Software must be secure because exploited software vulnerabilities can negatively affect individuals’ and organizations' financial, health, and economic well-being. Various authors recommended practicing a secure software development lifecycle (SSDLC) to ensure that software is released secured. Software small and medium enterprises (SMEs), the dominant software publishers, have not widely adopted the SSDLC. This study approached the problem of software SMEs’ inadequate adoption of SSDLC from an innovation adoption perspective based on the diffusion of innovation theoretical framework (DOI). Five DOI factors, relative advantage, compatibility, complexity, trialability, and observability, were assessed for significance to software SMEs’ intention to adopt SSDLC. A random sample of 200 participants from a population of software security decision-makers of software SMEs based in the United States that develop software in-house were surveyed via an online close-ended questionnaire. Relative advantage, compatibility, and trialability were statistically significant to SME SSDLC adoption intention. Complexity and observability were not statistically significant to SME SSDLC adoption intention. Trialability was the strongest predictor of SME SSDLC adoption intention. SME software security decision-makers may find that the results of this study help to determine the factors they should consider when deciding to introduce the SSDLC into their software development process.  The result of the study has implications for practice and social change because increased SME SSDLC adoption potentially results in the development of more secure software and fewer software security incidents.

Downloads

Download data is not yet available.

Article Details

Issue
Vol. 14 No. 2 (2023): March-April 2023
Section
Articles

COPYRIGHT

Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
  • The journal allows the author(s) to retain publishing rights without restrictions.
  • The journal allows the author(s) to hold the copyright without restrictions.
Author Biography

Wisdom Umeugo

Independent Researcher

Ottawa,

Canada

References

OECD, OECD skills outlook 2019: thriving in a digital world. OECD, 2019.

N. Yusupova and K. Mironov, “Key information technologies for digital economy.,†Proceedings of REMS 2018 Russian Federation & Europe Multidisciplinary Symposium on Computer Science and ICT, vol. 2254, p. 330, 2018.

S. R. Sree and C. P. Rao, “A study on application of soft computing techniques for software effort estimation,†in A Journey Towards Bio-inspired Techniques in Software Engineering, vol. 185, J. Singh, S. Bilgaiyan, B. S. P. Mishra, and S. Dehuri, Eds. Cham: Springer International Publishing, 2020, pp. 141–165.

Gartner, “Gartner Forecasts Worldwide IT Spending to Reach $4.4 Trillion in 2022,†Gartner, May 06, 2022. https://www.gartner.com/en/newsroom/press-releases/2022-04-06-gartner-forecasts-worldwide-it-spending-to-reach-4-point-four-trillion-in-2022 (accessed May 15, 2022).

J. Ransome and A. Misra, Core Software Security. Auerbach Publications, 2018.

M. Tuape and Y. Ayalew, “Factors affecting development process in small software companies,†in 2019 IEEE/ACM Symposium on Software Engineering in Africa (SEiA), May 2019, pp. 16–23, doi: 10.1109/SEiA.2019.00011.

H. Al-Matouq, S. Mahmood, M. Alshayeb, and M. Niazi, “A maturity model for secure software design: A multivocal study,†IEEE Access, vol. 8, pp. 215758–215776, 2020, doi: 10.1109/ACCESS.2020.3040220.

R. Fujdiak et al., “Managing the secure software development,†in 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Jun. 2019, pp. 1–4, doi: 10.1109/NTMS.2019.8763845.

R. A. Khan, S. U. Khan, H. U. Khan, and M. Ilyas, “Systematic mapping study on security approaches in secure software engineering,†IEEE Access, vol. 9, pp. 19139–19160, 2021, doi: 10.1109/ACCESS.2021.3052311.

F. Alghamdi, “Motivational company’s characteristics to secure software,†in 2020 3rd International Conference on Computer Applications & Information Security (ICCAIS), Mar. 2020, pp. 1–5, doi: 10.1109/ICCAIS48893.2020.9096815.

E. Venson, R. Alfayez, M. M. F. Gomes, R. M. C. Figueiredo, and B. Boehm, “The impact of software security practices on development effort: an initial survey,†in 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), Sep. 2019, pp. 1–12, doi: 10.1109/ESEM.2019.8870153.

H. Assal and S. Chiasson, “Motivations and amotivations for software security.,†SOUPS Workshop on Security Information Workers (WSIW). USENIX Association, p. 1, 2018.

Z. A. Maher, A. Shah, S. Chandio, H. M. Mohadis, and N. H. B. A. Rahim, “Challenges and limitations in secure software development adoption - A qualitative analysis in Malaysian software industry prospect,†IJST, vol. 13, no. 26, pp. 2601–2608, Jul. 2020, doi: 10.17485/IJST/v13i26.848.

J. Witschey, O. Zielinska, A. Welk, E. Murphy-Hill, C. Mayhorn, and T. Zimmermann, “Quantifying developers’ adoption of security tools,†in Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2015, New York, New York, USA, Aug. 2015, pp. 260–271, doi: 10.1145/2786805.2786816.

M. G. Jaatun and D. Soares Cruzes, “Care and feeding of your security champion,†in 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), Jun. 2021, pp. 1–7, doi: 10.1109/CyberSA52016.2021.9478254.

I. M. Y. Woon and A. Kankanhalli, “Investigation of IS professionals’ intention to practise secure development of applications,†Int. J. Hum. Comput. Stud., vol. 65, no. 1, pp. 29–41, Jan. 2007, doi: 10.1016/j.ijhcs.2006.08.003.

M. Deschene, “Embracing security in all phases of the software development life cycle: A Delphi study,†Undergraduate thesis, 2016.

E. M. Rogers, “Diffusion of innovations/everett m. rogers.,†NY: Simon and Schuster, vol. 576, 2003.

S.-H. Hwang, J.-H. Lee, and Y. Hu, “Diffusion and adoption of smart media in china,†APJCRI, vol. 7, no. 12, pp. 67–77, Dec. 2021, doi: 10.47116/apjcri.2021.12.07.

M. A. Hameed and N. A. G. Arachchilage, “A conceptual model for the organizational adoption of information system security innovations,†in Security, privacy, and forensics issues in big data, R. C. Joshi and B. B. Gupta, Eds. IGI Global, 2020, pp. 317–339.

T. Lynn, X. Liang, A. Gourinovitch, J. Morrison, G. Fox, and P. Rosati, “Understanding the determinants of cloud computing adoption for high performance computing,†presented at the Hawaii International Conference on System Sciences, 2018, doi: 10.24251/HICSS.2018.489.

J. Kaminski, “Diffusion of innovation theory.,†Canadian Journal of Nursing Informatics, vol. 6, no. 2, pp. 1–6, 2011.

A. M. AlBar and Md. R. Hoque, “Factors affecting cloud ERP adoption in Saudi Arabia: An empirical study,†Information Development, vol. 35, no. 1, pp. 150–164, Jan. 2019, doi: 10.1177/0266666917735677.