{"id":"https://openalex.org/W3135867972","doi":"https://doi.org/10.1109/access.2021.3062388","title":"Systematic Mapping of the Literature on Secure Software Development","display_name":"Systematic Mapping of the Literature on Secure Software Development","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3135867972","doi":"https://doi.org/10.1109/access.2021.3062388","mag":"3135867972"},"language":"en","primary_location":{"id":"doi:10.1109/access.2021.3062388","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3062388","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2021.3062388","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013365776","display_name":"Hern\u00e1n Nina Hanco","orcid":"https://orcid.org/0000-0003-0230-5812"},"institutions":[{"id":"https://openalex.org/I65285256","display_name":"Pontificia Universidad Cat\u00f3lica del Per\u00fa","ror":"https://ror.org/00013q465","country_code":"PE","type":"education","lineage":["https://openalex.org/I65285256"]}],"countries":["PE"],"is_corresponding":true,"raw_author_name":"Hernan Nina","raw_affiliation_strings":["Maestr\u00eda en Inform\u00e1tica, Pontificia Universidad Cat&#x00F3;lica del Per&#x00FA;, Lima, Peru"],"raw_orcid":"https://orcid.org/0000-0003-0230-5812","affiliations":[{"raw_affiliation_string":"Maestr\u00eda en Inform\u00e1tica, Pontificia Universidad Cat&#x00F3;lica del Per&#x00FA;, Lima, Peru","institution_ids":["https://openalex.org/I65285256"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075118957","display_name":"Jos\u00e9 Antonio Pow-Sang","orcid":"https://orcid.org/0000-0003-4001-8072"},"institutions":[{"id":"https://openalex.org/I65285256","display_name":"Pontificia Universidad Cat\u00f3lica del Per\u00fa","ror":"https://ror.org/00013q465","country_code":"PE","type":"education","lineage":["https://openalex.org/I65285256"]}],"countries":["PE"],"is_corresponding":false,"raw_author_name":"Jose Antonio Pow-Sang","raw_affiliation_strings":["Maestr\u00eda en Inform\u00e1tica, Pontificia Universidad Cat&#x00F3;lica del Per&#x00FA;, Lima, Peru"],"raw_orcid":"https://orcid.org/0000-0003-4001-8072","affiliations":[{"raw_affiliation_string":"Maestr\u00eda en Inform\u00e1tica, Pontificia Universidad Cat&#x00F3;lica del Per&#x00FA;, Lima, Peru","institution_ids":["https://openalex.org/I65285256"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073310732","display_name":"M\u00f3nica Villavicencio","orcid":"https://orcid.org/0000-0002-2601-2638"},"institutions":[{"id":"https://openalex.org/I2135383","display_name":"Escuela Superior Politecnica del Litoral","ror":"https://ror.org/04qenc566","country_code":"EC","type":"education","lineage":["https://openalex.org/I2135383"]}],"countries":["EC"],"is_corresponding":false,"raw_author_name":"Monica Villavicencio","raw_affiliation_strings":["Facultad de Ingenier\u00eda en Electricidad y Computaci\u00f3n, Escuela Superior Polit&#x00E9;cnica del Litoral, Guayaquil, Ecuador"],"raw_orcid":"https://orcid.org/0000-0002-2601-2638","affiliations":[{"raw_affiliation_string":"Facultad de Ingenier\u00eda en Electricidad y Computaci\u00f3n, Escuela Superior Polit&#x00E9;cnica del Litoral, Guayaquil, Ecuador","institution_ids":["https://openalex.org/I2135383"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5013365776"],"corresponding_institution_ids":["https://openalex.org/I65285256"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":8.2576,"has_fulltext":false,"cited_by_count":39,"citation_normalized_percentile":{"value":0.97501255,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"9","issue":null,"first_page":"36852","last_page":"36867"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.8256962895393372},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.7708078622817993},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7141152620315552},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.7100135087966919},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.6262252926826477},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5946215987205505},{"id":"https://openalex.org/keywords/software-development-process","display_name":"Software development process","score":0.5293508172035217},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.527043879032135},{"id":"https://openalex.org/keywords/software-peer-review","display_name":"Software peer review","score":0.5053108334541321},{"id":"https://openalex.org/keywords/software-construction","display_name":"Software construction","score":0.5000371932983398},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.45158064365386963},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4348357915878296},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3802787661552429},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.24695590138435364},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2138141393661499},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.149452805519104},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.06100204586982727}],"concepts":[{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.8256962895393372},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.7708078622817993},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7141152620315552},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.7100135087966919},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.6262252926826477},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5946215987205505},{"id":"https://openalex.org/C180152950","wikidata":"https://www.wikidata.org/wiki/Q2904257","display_name":"Software development process","level":4,"score":0.5293508172035217},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.527043879032135},{"id":"https://openalex.org/C74579156","wikidata":"https://www.wikidata.org/wiki/Q7554342","display_name":"Software peer review","level":5,"score":0.5053108334541321},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.5000371932983398},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.45158064365386963},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4348357915878296},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3802787661552429},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.24695590138435364},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2138141393661499},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.149452805519104},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.06100204586982727},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/access.2021.3062388","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3062388","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:3969b91b894240c5b0c4fa1529e72e6a","is_oa":true,"landing_page_url":"https://doaj.org/article/3969b91b894240c5b0c4fa1529e72e6a","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 9, Pp 36852-36867 (2021)","raw_type":"article"},{"id":"pmh:oai:repositorio.ulima.edu.pe:20.500.12724/12711","is_oa":true,"landing_page_url":"https://hdl.handle.net/20.500.12724/12711","pdf_url":null,"source":{"id":"https://openalex.org/S4306402641","display_name":"LA Referencia (Red Federada de Repositorios Institucionales de Publicaciones Cient\u00edficas)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4383465926","host_organization_name":"LA Referencia","host_organization_lineage":["https://openalex.org/I4383465926"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"instacron:ULIMA","raw_type":"Art\u00edculo en Scopus y Web of Science"}],"best_oa_location":{"id":"doi:10.1109/access.2021.3062388","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3062388","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.550000011920929,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W23761906","https://openalex.org/W35381090","https://openalex.org/W64035399","https://openalex.org/W79503960","https://openalex.org/W588383646","https://openalex.org/W1177209620","https://openalex.org/W1562463929","https://openalex.org/W1977527011","https://openalex.org/W1987826190","https://openalex.org/W2059507980","https://openalex.org/W2079115921","https://openalex.org/W2093087594","https://openalex.org/W2181807227","https://openalex.org/W2204102791","https://openalex.org/W2340272936","https://openalex.org/W2529133275","https://openalex.org/W2549375757","https://openalex.org/W2552079288","https://openalex.org/W2553939890","https://openalex.org/W2604000799","https://openalex.org/W2784711417","https://openalex.org/W2789368351","https://openalex.org/W2806436836","https://openalex.org/W2808782199","https://openalex.org/W2809232994","https://openalex.org/W2884218922","https://openalex.org/W2905063408","https://openalex.org/W2907040743","https://openalex.org/W2909491807","https://openalex.org/W2945001297","https://openalex.org/W2953772132","https://openalex.org/W6601436240"],"related_works":["https://openalex.org/W2560421591","https://openalex.org/W1978034799","https://openalex.org/W2796094063","https://openalex.org/W4384518368","https://openalex.org/W2062583373","https://openalex.org/W2123075981","https://openalex.org/W2537414278","https://openalex.org/W2504659933","https://openalex.org/W2509785410","https://openalex.org/W3043810321"],"abstract_inverted_index":{"The":[0,87],"accelerated":[1],"growth":[2],"in":[3,11,20,57,113,139,167],"exploiting":[4],"vulnerabilities":[5],"due":[6],"to":[7,30,40,54,91],"errors":[8],"or":[9],"failures":[10],"the":[12,21,35,92,97,123,127,143],"software":[13,115,170],"development":[14,171],"process":[15],"is":[16,156],"a":[17,60,157],"latent":[18],"concern":[19],"Software":[22,37,93,106,124,140],"Industry.":[23],"In":[24,105,122,153],"this":[25,27,58,85],"sense,":[26],"study":[28],"aims":[29],"provide":[31],"an":[32],"overview":[33],"of":[34,72,77,159],"Secure":[36],"Development":[38],"trends":[39],"help":[41],"identify":[42],"topics":[43,130,146],"that":[44,51],"have":[45],"been":[46],"extensively":[47],"studied":[48],"and":[49,99,119,135,150,162],"those":[50],"still":[52],"need":[53],"be.":[55],"Therefore,":[56],"paper,":[59],"systematic":[61],"mapping":[62],"review":[63],"with":[64,164],"PICo":[65],"search":[66],"strategies":[67],"was":[68],"conducted.":[69],"A":[70],"total":[71],"867":[73],"papers":[74,81],"were":[75,82],"identified,":[76],"which":[78],"only":[79],"528":[80],"selected":[83],"for":[84],"review.":[86],"main":[88],"findings":[89],"correspond":[90],"Requirements":[94],"Security,":[95,108,126,142],"where":[96],"Elicitation":[98],"Misuse":[100],"Cases":[101],"reported":[102],"more":[103],"frequently.":[104],"Design":[107],"recurring":[109],"themes":[110],"are":[111,131,147],"security":[112,120],"component-based":[114],"development,":[116],"threat":[117],"model,":[118],"patterns.":[121],"Construction":[125],"most":[128,144],"frequent":[129,145],"static":[132],"code":[133],"analysis":[134],"vulnerability":[136,148],"detection.":[137],"Finally,":[138],"Testing":[141],"scanning":[149],"penetration":[151],"testing.":[152],"conclusion,":[154],"there":[155],"diversity":[158],"methodologies,":[160],"models,":[161],"tools":[163],"specific":[165],"objectives":[166],"each":[168],"secure":[169],"stage.":[172]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":9},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2021-03-15T00:00:00"}