Secure Software Development Practice Adoption Model: A Delphi Study

Sri Lakshmi Kanniah, Mohd Naz’ri Mahrin


Developing secure software is a major concern in public service organizations as highly-sensitive and confidential data are transacted through online applications. A great number of departments around the public sectors depend on online services to ensure effective services delivery. The insecure software can lead to loss of revenue and damage to business reputation. Implementation of secure development practices throughout the software development lifecycle is influenced by many various factors such as organizational and people factor. Although numerous methods, models and standards in regards to secure software development has been established, implementation of the whole model is quite challenging as it involves cost, skill and time. On that account, this paper presents the results of the Delphi study conducted at the Malaysian Public Service Organization (MPS) with the aim to identify the factors which affect the implementation of secure software development practices. Identified factors are mapped to the security practices in order to establish a relationship between the factors and security practices. In the efforts to achieve this objective, 10 experts who were involved in software development from Malaysian Public Service Organization participated in the study.


Delphi; Secure Software Development; Software Development; Software Security;

Full Text:



MAMPU, The Malaysian Public Sector ICT Strategic Plan. 2011.

Xiao, S., J. Witschey, and E. Murphy-Hill, Social influences on secure development tool adoption: why security tools spread, in Proceedings of the 17th ACM conference on Computer supported cooperative work & social computing. 2014, ACM: Baltimore, Maryland, USA. p. 1095-1106.

Thuraisingham, B. and K.W. Hamlen. Challenges and Future Directions of Software Technology: Secure Software Development. in Computer Software and Applications Conference (COMPSAC), 2010 IEEE 34th Annual. 2010. IEEE.

Woon, I.M.Y. and A. Kankanhalli, Investigation of IS professionals' intention to practise secure development of applications. International Journal of Human Computer Studies, 2007. 65(1): p. 29-41.

Turoff, M., The design of a policy Delphi. Technological forecasting and social change, 1970. 2(2): p. 149-171.

Okoli, C. and S.D. Pawlowski, The Delphi method as a research tool: an example, design considerations and applications. Information & management, 2004. 42(1): p. 15-29.

Williams, P.L. and C. Webb, The Delphi technique: a methodological discussion. Journal of advanced nursing, 1994. 19(1): p. 180-186.

Dalkey, N. and O. Helmer, An experimental application of the Delphi method to the use of experts. Management science, 1963. 9(3): p. 458- 467.

Powell, C., The Delphi technique: myths and realities. Journal of advanced nursing, 2003. 41(4): p. 376-382

Keeney, S., F. Hasson, and H.P. McKenna, A critical review of the Delphi technique as a research methodology for nursing. International journal of nursing studies, 2001. 38(2): p. 195-200

Kanniah, S.L. and M.N.r. Mahrin, A Review on Factors Influencing Implementation of Secure Software Development Practices. World Academy of Science, Engineering and Technology, International Journal of Social, Behavioural, Educational, Economic, Business and Industrial Engineering, 2016. 10(8): p. 2860-2867.

McLeod, L. and S.G. MacDonell, Factors that affect software systems development project outcomes: A survey of research. ACM Computing Surveys (CSUR), 2011. 43(4): p. 24.

Alnatheer, M., T. Chan, and K. Nelson. Understanding And Measuring Information Security Culture. in PACIS. 2012.

Hanafizadeh, P. and A.Z. Ravasan, A McKinsey 7S model-based framework for ERP readiness assessment. International Journal of Enterprise Information Systems (IJEIS), 2011. 7(4): p. 23-63.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.

ISSN: 2180-1843

eISSN: 2289-8131