{"id":"https://openalex.org/W4285172359","doi":"https://doi.org/10.1109/access.2022.3178301","title":"Security Assurance Model of Software Development for Global Software Development Vendors","display_name":"Security Assurance Model of Software Development for Global Software Development Vendors","publication_year":2022,"publication_date":"2022-01-01","ids":{"openalex":"https://openalex.org/W4285172359","doi":"https://doi.org/10.1109/access.2022.3178301"},"language":"en","primary_location":{"id":"doi:10.1109/access.2022.3178301","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2022.3178301","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09782440.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09782440.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038573631","display_name":"Rafiq Ahmad Khan","orcid":"https://orcid.org/0000-0002-5983-9981"},"institutions":[{"id":"https://openalex.org/I68649149","display_name":"University of Malakand","ror":"https://ror.org/012xdha97","country_code":"PK","type":"education","lineage":["https://openalex.org/I68649149"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Rafiq Ahmad Khan","raw_affiliation_strings":["Department of Computer Science and IT, Software Engineering Research Group, University of Malakand, Chakdara, Pakistan"],"raw_orcid":"https://orcid.org/0000-0002-5983-9981","affiliations":[{"raw_affiliation_string":"Department of Computer Science and IT, Software Engineering Research Group, University of Malakand, Chakdara, Pakistan","institution_ids":["https://openalex.org/I68649149"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033423519","display_name":"Siffat Ullah Khan","orcid":"https://orcid.org/0000-0003-0339-7915"},"institutions":[{"id":"https://openalex.org/I68649149","display_name":"University of Malakand","ror":"https://ror.org/012xdha97","country_code":"PK","type":"education","lineage":["https://openalex.org/I68649149"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Siffat Ullah Khan","raw_affiliation_strings":["Department of Computer Science and IT, Software Engineering Research Group, University of Malakand, Chakdara, Pakistan"],"raw_orcid":"https://orcid.org/0000-0003-0339-7915","affiliations":[{"raw_affiliation_string":"Department of Computer Science and IT, Software Engineering Research Group, University of Malakand, Chakdara, Pakistan","institution_ids":["https://openalex.org/I68649149"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067213628","display_name":"Musaad Alzahrani","orcid":"https://orcid.org/0000-0002-6585-4483"},"institutions":[{"id":"https://openalex.org/I52207611","display_name":"Al Baha University","ror":"https://ror.org/0403jak37","country_code":"SA","type":"education","lineage":["https://openalex.org/I52207611"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Musaad Alzahrani","raw_affiliation_strings":["Department of Computer Science, Albaha University, Albaha, Saudi Arabia","Albaha 65799, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0002-6585-4483","affiliations":[{"raw_affiliation_string":"Department of Computer Science, Albaha University, Albaha, Saudi Arabia","institution_ids":["https://openalex.org/I52207611"]},{"raw_affiliation_string":"Albaha 65799, Saudi Arabia","institution_ids":["https://openalex.org/I52207611"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047318115","display_name":"Muhammad Ilyas","orcid":"https://orcid.org/0000-0003-2531-6485"},"institutions":[{"id":"https://openalex.org/I68649149","display_name":"University of Malakand","ror":"https://ror.org/012xdha97","country_code":"PK","type":"education","lineage":["https://openalex.org/I68649149"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Muhammad Ilyas","raw_affiliation_strings":["Department of Computer Science and IT, Software Engineering Research Group, University of Malakand, Chakdara, Pakistan"],"raw_orcid":"https://orcid.org/0000-0003-2531-6485","affiliations":[{"raw_affiliation_string":"Department of Computer Science and IT, Software Engineering Research Group, University of Malakand, Chakdara, Pakistan","institution_ids":["https://openalex.org/I68649149"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":10.5159,"has_fulltext":true,"cited_by_count":37,"citation_normalized_percentile":{"value":0.98295074,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"10","issue":null,"first_page":"58458","last_page":"58487"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.846747100353241},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.6258580088615417},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5983257293701172},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.572969913482666},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5422549843788147},{"id":"https://openalex.org/keywords/software-peer-review","display_name":"Software peer review","score":0.46361881494522095},{"id":"https://openalex.org/keywords/package-development-process","display_name":"Package development process","score":0.46098265051841736},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.4526526629924774},{"id":"https://openalex.org/keywords/software-development-process","display_name":"Software development process","score":0.44841092824935913},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.44663047790527344},{"id":"https://openalex.org/keywords/personal-software-process","display_name":"Personal software process","score":0.42967334389686584},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.42432254552841187},{"id":"https://openalex.org/keywords/software-construction","display_name":"Software construction","score":0.39762887358665466},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3887188732624054},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.268332839012146},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.24731522798538208},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08184358477592468}],"concepts":[{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.846747100353241},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.6258580088615417},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5983257293701172},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.572969913482666},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5422549843788147},{"id":"https://openalex.org/C74579156","wikidata":"https://www.wikidata.org/wiki/Q7554342","display_name":"Software peer review","level":5,"score":0.46361881494522095},{"id":"https://openalex.org/C123551368","wikidata":"https://www.wikidata.org/wiki/Q7122888","display_name":"Package development process","level":5,"score":0.46098265051841736},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.4526526629924774},{"id":"https://openalex.org/C180152950","wikidata":"https://www.wikidata.org/wiki/Q2904257","display_name":"Software development process","level":4,"score":0.44841092824935913},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.44663047790527344},{"id":"https://openalex.org/C39890963","wikidata":"https://www.wikidata.org/wiki/Q1702721","display_name":"Personal software process","level":5,"score":0.42967334389686584},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.42432254552841187},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.39762887358665466},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3887188732624054},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.268332839012146},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.24731522798538208},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08184358477592468}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2022.3178301","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2022.3178301","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09782440.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:cf31e06a09cf42c6b54370916f8dabee","is_oa":false,"landing_page_url":"https://doaj.org/article/cf31e06a09cf42c6b54370916f8dabee","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 10, Pp 58458-58487 (2022)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2022.3178301","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2022.3178301","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09782440.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","score":0.4300000071525574,"display_name":"Partnerships for the goals"},{"id":"https://metadata.un.org/sdg/9","score":0.4300000071525574,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320316435","display_name":"University of Malakand","ror":"https://ror.org/012xdha97"},{"id":"https://openalex.org/F4320316465","display_name":"Albaha University","ror":"https://ror.org/0403jak37"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4285172359.pdf","grobid_xml":"https://content.openalex.org/works/W4285172359.grobid-xml"},"referenced_works_count":99,"referenced_works":["https://openalex.org/W945978269","https://openalex.org/W1079567482","https://openalex.org/W1556109975","https://openalex.org/W1669992463","https://openalex.org/W1909163279","https://openalex.org/W1963623648","https://openalex.org/W1972181392","https://openalex.org/W1972325150","https://openalex.org/W1979503333","https://openalex.org/W1987511626","https://openalex.org/W1988225931","https://openalex.org/W2013970737","https://openalex.org/W2016392754","https://openalex.org/W2034628356","https://openalex.org/W2036333779","https://openalex.org/W2043622998","https://openalex.org/W2043723411","https://openalex.org/W2057864103","https://openalex.org/W2062744200","https://openalex.org/W2064280708","https://openalex.org/W2066794936","https://openalex.org/W2072668705","https://openalex.org/W2084620746","https://openalex.org/W2089641512","https://openalex.org/W2096591909","https://openalex.org/W2106798436","https://openalex.org/W2106956101","https://openalex.org/W2124477160","https://openalex.org/W2126513753","https://openalex.org/W2147826933","https://openalex.org/W2152497221","https://openalex.org/W2162739315","https://openalex.org/W2164184154","https://openalex.org/W2165848285","https://openalex.org/W2224535639","https://openalex.org/W2319545239","https://openalex.org/W2407987675","https://openalex.org/W2507315740","https://openalex.org/W2513642240","https://openalex.org/W2529133275","https://openalex.org/W2548401012","https://openalex.org/W2551701629","https://openalex.org/W2553939890","https://openalex.org/W2555855703","https://openalex.org/W2556034692","https://openalex.org/W2564766228","https://openalex.org/W2579243772","https://openalex.org/W2597156934","https://openalex.org/W2613058612","https://openalex.org/W2745363415","https://openalex.org/W2746170966","https://openalex.org/W2752901856","https://openalex.org/W2756930187","https://openalex.org/W2765333028","https://openalex.org/W2765891360","https://openalex.org/W2767219025","https://openalex.org/W2769963789","https://openalex.org/W2782630803","https://openalex.org/W2804537277","https://openalex.org/W2807350197","https://openalex.org/W2884218922","https://openalex.org/W2900869830","https://openalex.org/W2908382622","https://openalex.org/W2909995151","https://openalex.org/W2910513293","https://openalex.org/W2913576447","https://openalex.org/W2915095518","https://openalex.org/W2952514593","https://openalex.org/W2966889885","https://openalex.org/W2980596464","https://openalex.org/W2997271044","https://openalex.org/W2998233014","https://openalex.org/W3003191277","https://openalex.org/W3005613080","https://openalex.org/W3017250425","https://openalex.org/W3020045301","https://openalex.org/W3021832040","https://openalex.org/W3023452601","https://openalex.org/W3026721734","https://openalex.org/W3039798588","https://openalex.org/W3082693641","https://openalex.org/W3087588268","https://openalex.org/W3093481766","https://openalex.org/W3096028464","https://openalex.org/W3109049172","https://openalex.org/W3128560803","https://openalex.org/W3129161282","https://openalex.org/W3135867972","https://openalex.org/W3153900275","https://openalex.org/W3174278143","https://openalex.org/W4205791736","https://openalex.org/W4247638982","https://openalex.org/W4281705329","https://openalex.org/W6604817806","https://openalex.org/W6608384563","https://openalex.org/W6624782470","https://openalex.org/W6729631367","https://openalex.org/W6736868959","https://openalex.org/W6758156179"],"related_works":["https://openalex.org/W1978034799","https://openalex.org/W4384518368","https://openalex.org/W2141388993","https://openalex.org/W2155353733","https://openalex.org/W2504659933","https://openalex.org/W2039943835","https://openalex.org/W2293245356","https://openalex.org/W1985408088","https://openalex.org/W60029630","https://openalex.org/W2362955522"],"abstract_inverted_index":{"The":[0,71,97,129,153,212],"number":[1],"of":[2,73,99,103,133,135,139,156,176,205,214,223,232],"security":[3,43,105,130,143,229,250],"attacks":[4],"and":[5,84,94,109,122,126,146,181],"the":[6,12,39,173,203,215,220,228],"impact":[7],"has":[8],"grown":[9],"considerably":[10],"in":[11,28,209],"recent":[13],"several":[14],"years.":[15],"As":[16],"a":[17,48,89,163,177,206,242],"result,":[18],"new":[19,49,248],"emerging":[20],"software":[21,30,44,66,136,142,179,192,199,249],"development":[22,67,82,137,193],"models":[23,83],"are":[24],"required":[25],"that":[26,31,57,219],"assist":[27],"developing":[29],"is":[32,58,169],"secure":[33],"by":[34,166],"default.":[35],"This":[36],"article":[37],"reviews":[38],"most":[40],"widely":[41],"used":[42,170],"models.":[45],"It":[46],"proposes":[47],"Security":[50,110,127],"Assurance":[51],"Model":[52],"(SAM)":[53],"for":[54,149,184,244],"Software":[55,74,100,157,224],"Development":[56,75,101,158,225],"adaptable":[59],"to":[60,171,201,246],"all":[61],"contemporary":[62],"scenarios,":[63],"emphasizing":[64],"global":[65],"(GSD)":[68],"vendor":[69],"companies.":[70],"SAM":[72,98,134,155,222],"was":[76,159],"developed":[77],"after":[78],"studying":[79],"11":[80],"well-known":[81],"analyzing":[85],"results":[86,204,213],"obtained":[87],"from":[88,197],"systematic":[90],"literature":[91],"review":[92],"(SLR)":[93],"questionnaire":[95],"survey.":[96],"consists":[102],"seven":[104],"assurance":[106,131,230],"levels:":[107],"Governance":[108],"Threat":[111],"Analysis,":[112,115],"Secure":[113,116,118,120,124],"Requirement":[114],"Design,":[117],"Coding,":[119],"Testing":[121],"Review,":[123],"Deployment,":[125],"Improvement.":[128],"levels":[132],"consist":[138],"46":[140],"critical":[141],"risks":[144],"(CSSRs)":[145],"388":[147],"practices":[148],"addressing":[150],"these":[151],"risks.":[152],"proposed":[154,221],"assessed":[160],"based":[161],"on":[162,191],"tool":[164],"created":[165],"Motorola,":[167],"which":[168],"evaluate":[172],"present":[174],"state":[175],"company&#x2019;s":[178],"processes":[180],"find":[182],"areas":[183],"improvement.":[185],"We":[186],"conducted":[187],"3":[188],"case":[189,216],"studies":[190,217],"companies,":[194],"using":[195],"data":[196],"real":[198],"projects":[200],"examine":[202],"practical":[207],"experiment":[208],"each":[210],"company.":[211],"indicate":[218],"helps":[226],"measure":[227],"level":[231],"an":[233],"organization.":[234],"In":[235],"addition,":[236],"it":[237],"can":[238],"potentially":[239],"serve":[240],"as":[241],"framework":[243],"researchers":[245],"develop":[247],"measures.":[251]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":11},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
