{"id":"https://openalex.org/W3109049172","doi":"https://doi.org/10.1109/access.2020.3040220","title":"A Maturity Model for Secure Software Design: A Multivocal Study","display_name":"A Maturity Model for Secure Software Design: A Multivocal Study","publication_year":2020,"publication_date":"2020-01-01","ids":{"openalex":"https://openalex.org/W3109049172","doi":"https://doi.org/10.1109/access.2020.3040220","mag":"3109049172"},"language":"en","primary_location":{"id":"doi:10.1109/access.2020.3040220","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3040220","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09268931.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09268931.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030675042","display_name":"Hassan Al-Matouq","orcid":"https://orcid.org/0000-0002-8804-5486"},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Hassan Al-Matouq","raw_affiliation_strings":["Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0002-8804-5486","affiliations":[{"raw_affiliation_string":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007816848","display_name":"Sajjad Mahmood","orcid":"https://orcid.org/0000-0001-5786-5118"},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Sajjad Mahmood","raw_affiliation_strings":["Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-5786-5118","affiliations":[{"raw_affiliation_string":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014589730","display_name":"Mohammad Alshayeb","orcid":"https://orcid.org/0000-0001-7950-0099"},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Mohammad Alshayeb","raw_affiliation_strings":["Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-7950-0099","affiliations":[{"raw_affiliation_string":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5041382184","display_name":"Mahmood Niazi","orcid":"https://orcid.org/0000-0001-7318-7644"},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Mahmood Niazi","raw_affiliation_strings":["Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-7318-7644","affiliations":[{"raw_affiliation_string":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":7.2406,"has_fulltext":true,"cited_by_count":49,"citation_normalized_percentile":{"value":0.97222565,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"8","issue":null,"first_page":"215758","last_page":"215776"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/systems-development-life-cycle","display_name":"Systems development life cycle","score":0.7365738749504089},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.709343671798706},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.6851157546043396},{"id":"https://openalex.org/keywords/capability-maturity-model-integration","display_name":"Capability Maturity Model Integration","score":0.6663413643836975},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.5662757158279419},{"id":"https://openalex.org/keywords/capability-maturity-model","display_name":"Capability Maturity Model","score":0.5130566358566284},{"id":"https://openalex.org/keywords/software-development-process","display_name":"Software development process","score":0.5101571679115295},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.47236496210098267},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.41671597957611084},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3704758286476135},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.32750552892684937},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.3267263174057007},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.31350576877593994},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2697422504425049},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.16321256756782532},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.07879382371902466}],"concepts":[{"id":"https://openalex.org/C120617098","wikidata":"https://www.wikidata.org/wiki/Q559486","display_name":"Systems development life cycle","level":5,"score":0.7365738749504089},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.709343671798706},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.6851157546043396},{"id":"https://openalex.org/C182406803","wikidata":"https://www.wikidata.org/wiki/Q428361","display_name":"Capability Maturity Model Integration","level":5,"score":0.6663413643836975},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.5662757158279419},{"id":"https://openalex.org/C85890633","wikidata":"https://www.wikidata.org/wiki/Q929673","display_name":"Capability Maturity Model","level":3,"score":0.5130566358566284},{"id":"https://openalex.org/C180152950","wikidata":"https://www.wikidata.org/wiki/Q2904257","display_name":"Software development process","level":4,"score":0.5101571679115295},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.47236496210098267},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.41671597957611084},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3704758286476135},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.32750552892684937},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.3267263174057007},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.31350576877593994},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2697422504425049},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.16321256756782532},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.07879382371902466}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2020.3040220","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3040220","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09268931.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:f5a0c7c22fd14b9a91494e2b3073abd4","is_oa":true,"landing_page_url":"https://doaj.org/article/f5a0c7c22fd14b9a91494e2b3073abd4","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 8, Pp 215758-215776 (2020)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2020.3040220","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3040220","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09268931.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/12","display_name":"Responsible consumption and production","score":0.5299999713897705}],"awards":[{"id":"https://openalex.org/G2277145544","display_name":null,"funder_award_id":"IN171008","funder_id":"https://openalex.org/F4320322323","funder_display_name":"King Fahd University of Petroleum and Minerals"}],"funders":[{"id":"https://openalex.org/F4320322323","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3109049172.pdf","grobid_xml":"https://content.openalex.org/works/W3109049172.grobid-xml"},"referenced_works_count":67,"referenced_works":["https://openalex.org/W118223361","https://openalex.org/W641490396","https://openalex.org/W945978269","https://openalex.org/W1494606471","https://openalex.org/W1496698723","https://openalex.org/W1497543769","https://openalex.org/W1524147119","https://openalex.org/W1527311855","https://openalex.org/W1561474038","https://openalex.org/W1582739951","https://openalex.org/W1598020617","https://openalex.org/W1828031262","https://openalex.org/W1976109263","https://openalex.org/W1979810153","https://openalex.org/W1993051533","https://openalex.org/W2006479099","https://openalex.org/W2013970737","https://openalex.org/W2025896310","https://openalex.org/W2031957425","https://openalex.org/W2062744200","https://openalex.org/W2094419105","https://openalex.org/W2096591909","https://openalex.org/W2098019984","https://openalex.org/W2099020371","https://openalex.org/W2116928152","https://openalex.org/W2129586531","https://openalex.org/W2135606712","https://openalex.org/W2141808825","https://openalex.org/W2152656220","https://openalex.org/W2172100572","https://openalex.org/W2191018382","https://openalex.org/W2224535639","https://openalex.org/W2294407885","https://openalex.org/W2338461023","https://openalex.org/W2471751649","https://openalex.org/W2503060256","https://openalex.org/W2529133275","https://openalex.org/W2551701629","https://openalex.org/W2555855703","https://openalex.org/W2572411793","https://openalex.org/W2593581010","https://openalex.org/W2607752446","https://openalex.org/W2619045612","https://openalex.org/W2621984723","https://openalex.org/W2624458356","https://openalex.org/W2660950707","https://openalex.org/W2735864825","https://openalex.org/W2743099811","https://openalex.org/W2743819427","https://openalex.org/W2746170966","https://openalex.org/W2765891360","https://openalex.org/W2898188678","https://openalex.org/W2908382622","https://openalex.org/W2909995151","https://openalex.org/W2967534835","https://openalex.org/W4205192141","https://openalex.org/W4205736829","https://openalex.org/W4242534170","https://openalex.org/W4285719527","https://openalex.org/W4300997707","https://openalex.org/W6604817806","https://openalex.org/W6624782470","https://openalex.org/W6635024406","https://openalex.org/W6638746757","https://openalex.org/W6720098633","https://openalex.org/W6736868959","https://openalex.org/W6758409312"],"related_works":["https://openalex.org/W2065847993","https://openalex.org/W187697668","https://openalex.org/W4226094329","https://openalex.org/W2000950735","https://openalex.org/W1979077746","https://openalex.org/W2773730828","https://openalex.org/W2052827706","https://openalex.org/W83630804","https://openalex.org/W4403822266","https://openalex.org/W2143509589"],"abstract_inverted_index":{"Security":[0],"is":[1,12,114,210],"one":[2],"of":[3,28,64,111,123,156,192,217,225],"the":[4,23,65,104,121,144,149,190,214,221],"most":[5],"important":[6],"software":[7,18,55,78,88,128,236,251],"quality":[8],"attributes.":[9],"Software":[10,66,179],"security":[11,41,51,58,89,101,238,252],"about":[13],"designing":[14,124],"and":[15,26,45,99,151,162,171,195,233],"developing":[16],"secure":[17,54,125,222],"that":[19,208],"does":[20],"not":[21,92],"allow":[22],"integrity,":[24],"confidentiality,":[25],"availability":[27],"its":[29],"code,":[30],"data,":[31],"or":[32],"service":[33],"to":[34,39,48,76,115,119,142,175,248],"be":[35],"compromised.":[36],"Organizations":[37],"tend":[38],"consider":[40],"as":[42,81],"an":[43,218],"afterthought,":[44],"they":[46],"continue":[47],"suffer":[49],"from":[50],"risks.":[52],"Developing":[53],"requires":[56],"taking":[57],"into":[59,103,167],"consideration":[60],"in":[61,95,127,147,200,212,231],"all":[62],"phases":[63],"Development":[67],"Life":[68],"Cycle":[69],"(SDLC).":[70],"Several":[71],"approaches":[72],"have":[73,91],"been":[74,93],"developed":[75,187],"improve":[77,120],"quality,":[79],"such":[80],"Capability":[82],"Maturity":[83,181],"Model":[84,182],"Integration":[85],"(CMMI).":[86],"However,":[87],"issues":[90],"addressed":[94],"a":[96,107,117,135,177,244],"proper":[97],"manner":[98],"incorporating":[100],"practices":[102,174],"SDLC":[105],"remains":[106],"challenge.":[108],"The":[109,184,203],"objective":[110],"this":[112,133],"paper":[113],"develop":[116,249],"framework":[118,185],"process":[122],"products":[126],"development":[129],"organizations.":[130],"To":[131],"achieve":[132],"objective,":[134],"Multivocal":[136],"Literature":[137],"Review":[138],"(MLR)":[139],"was":[140,165,186],"conducted":[141],"identify":[143],"relevant":[145],"studies":[146,159,199],"both":[148],"formal":[150],"grey":[152],"literature.":[153],"A":[154],"total":[155],"38":[157],"primary":[158],"were":[160],"identified,":[161],"available":[163],"evidence":[164],"synthesized":[166],"8":[168],"knowledge":[169],"areas":[170],"65":[172],"best":[173],"build":[176],"Secure":[178],"Design":[180],"(SSDMM).":[183],"based":[188],"on":[189],"structure":[191],"CMMI":[193],"v2.0":[194],"evaluated":[196],"through":[197],"case":[198,204],"real-world":[201],"environments.":[202],"study":[205],"results":[206],"indicate":[207],"SSDMM":[209,227],"useful":[211],"measuring":[213],"maturity":[215],"level":[216],"organization":[219],"for":[220,246],"design":[223,237],"phase":[224],"SDLC.":[226],"will":[228,241],"assist":[229],"organizations":[230],"evaluating":[232],"improving":[234],"their":[235],"practices.":[239],"It":[240],"also":[242],"provide":[243],"foundation":[245],"researchers":[247],"new":[250],"approaches.":[253]},"counts_by_year":[{"year":2026,"cited_by_count":5},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":18},{"year":2022,"cited_by_count":8}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}