Securing Software Development Through People Maturity: A Fuzzy-AHP Decision Making Framework
Abstract
The increasing complexity of software development processes has heightened the need for robust security measures. While technical safeguards are essential, the role of human factors in securing software development remains underexplored. This paper presents a novel approach that integrates people maturity with a Fuzzy Analytic Hierarchy Process (Fuzzy-AHP) decision-making framework to enhance security in software development. The framework provides a systematic method for evaluating and prioritizing the human factors that influence an organization's security posture, such as team expertise, communication, and adherence to security protocols. The decision-making model allows project managers and stakeholders to identify the areas most in need of improvement and to develop the strategies and actions required to nurture a secure and mature development culture. Through a systematic literature review (SLR) and an empirical survey, the paper identifies 24 human success factors (HSFs) and human security vulnerabilities (HSVs), together with 38 practices for addressing them. Furthermore, we discuss the local and global ranks of each HSF and HSV practice and group the identified practices into nine categories to determine the rank and weight of each category. Based on the collected data, Fuzzy-AHP prioritized these practices: the category "C4: Skill Development and Stakeholder Engagement" is ranked highest (rank-1) with the largest weight of 0.12435. Similarly, the highest global weight is 0.051506, and the globally top-ranked (rank-1) HSF and HSV practice is "P15: Hands-On Practice and Stakeholder Communication". The proposed approach complements existing technical methods by addressing the human element of security, making it adaptable to diverse organizational environments.
Through this integration of people maturity and Fuzzy-AHP, the paper contributes a new dimension to securing software development, emphasizing the critical role of human factors in achieving comprehensive security.