A SWOT Analysis of Software Development Life Cycle Security Metrics

Cybersecurity is an ongoing and critical concern because of the constant and persistent threats from malicious actors such as hackers and crackers. The widespread use of software systems has revolutionized modern society in various aspects, but it has also brought forth new challenges in safeguarding sensitive and confidential information with the evolution of information and communication technology (ICT). Quantifying security measures can provide evidence to support decision-making in software security, especially when it comes to evaluating the security performance of software systems. This involves understanding the main quality criteria of security metrics, which can aid in building security metrology models based on practical requirements. To further explore this topic, this study conducted a systematic literature review of security metrics and measures in the context of Secure Software Development (SSD). The study selected 61 research studies based on specific inclusion and exclusion criteria and extracted data from the selected articles. The study identified 215 software security metrics, which were then categorized based on Software Development Life Cycle (SDLC) phases. To evaluate the effectiveness of the most commonly cited metrics in each phase, the study applied a SWOT analysis to highlight their strengths, weaknesses, opportunities, and threats. The findings of this study offer valuable guidance to diligent and motivated researchers to investigate emerging research trends and address existing gaps in Secure Software Development. Furthermore, this investigation provides software professionals with a more comprehensive understanding of security measurements, constraints, and open-ended specific and general issues.