An Exploratory Study on Secure Software Practices Among Software Practitioners in Malaysia
This work is licensed under a Creative Commons Attribution 3.0 License.