loading page

Evaluation of Requirement Engineering Best Practices for Secure Software Development in GSD: An ISM Analysis
  • +2
  • Rafiq Ahmad Khan,
  • Muhammad Azeem Akbar,
  • Saima Rafi,
  • Alaa Omran Almagrabi,
  • Musaad Alzahrani
Rafiq Ahmad Khan
University of Malakand

Corresponding Author:[email protected]

Author Profile
Muhammad Azeem Akbar
LUT University
Author Profile
Saima Rafi
University of Murcia
Author Profile
Alaa Omran Almagrabi
King Abdulaziz University
Author Profile
Musaad Alzahrani
Albaha University
Author Profile


Technological advancement makes the world a global village. The immense use of software systems has modernized human society in every aspect. Thus, the security parameter is an important element that needs to be considered while developing software systems. Considering the significance of software security, it is important to consider the security practices from the early phase of the software development life cycle (SDLC), i.e., requirements engineering (RE). Hence, this study aims to identify and categorize RE practices important to apply for secure software development (SSD) in a geographically distributed development environment. To study the RE practices concerning SSD, we conducted a questionnaire survey with industrial experts in the global software development (GSD) context. Furthermore, the interpretive structure modeling (ISM) approach was applied to evaluate the relationship between the RE security practice core categories. This paper identifies 70 practices and classifies them into 11 fundamental dimensions (categories) to assist GSD organizations in specifying the requirements for SSD. The ISM results show the “Awareness of Secure Requirement Engineering (SRE)” category has the most decisive influence on the other ten core categories of the identified RE security practices. With the help of empirical evidence and the ISM approach, this work attempts to identify potential security practices and to give a set of secure RE practices that can be used to improve the security of the software development process.