
3.2 Research methods

3.2.4 Comparative study

The widely used secure software development practices that fit the commissioner’s context had to be identified and compared. This comparative study was conducted to determine the models and the suitability of their features for the business context. This affected the choice of method, which is a qualitative comparative study.

Pickvance (2005, p. 2) writes that a principal rationale for a comparative analysis is the explanatory curiosity of achieving an improved grasp of the causal processes engaged in the creation of an event, feature or relationship. In a comparative study, differences between the cases are mapped and data is collected from two or more cases according to a shared framework. Pickvance also cites Tilly (1984, p. 82), who has defined four types of comparative analysis. This thesis utilizes the variation-finding comparison, which tries to establish a principle of variation in the character or intensity of a phenomenon by examining systematic distinctions among instances. This comparative study aims to detect differences and similarities between the models. Because this is a qualitative study, the focus was on multiple features which were compared between six models. They were given certain criteria to fulfil, and these criteria were adapted to the commissioner’s goals:

a. Generic (software development model)

b. Traceability of information requirements

c. Adaptability to linear software development

d. Process accommodates iterations

e. Widely used in real-life

f. Founded on threat- and risk principles

The listed criteria are elaborated here. The first criterion is a generic software development model, which implies that the model acts as the foundation for the whole software development. The second, information security requirement traceability, entails that the commissioner wants to systematically trace information security requirement implementation into usage. This encompasses requirement status, owner, category, and risk-based prioritization, and this combination aids in requirement implementation decisions. It is vital for traceability to justify the decisions accurately and document them comprehensively. It means that the decision making can be traced to its origin during the development. The after-launch changes for improved traceability must also be included.

Linear software development adaptability simply means that the represented practices can be implemented in linear software development. This process must enable iterations. In this context, enabling process iterations means that the practices that are implemented as part of the requirements engineering process will not disable the iterations between phases. Thus, agile practices are also supported.

Widely used entails that the model is recognized and usable on a large scale by the industry. This criterion ensures that it is easily accessible and that there is enough experience of its usage at the expert and developer levels. A widely used model is also better maintained and further developed.

Foundation on threat and risk modelling entails initiation of risk management. This idea is founded on the presumption that to protect critical software assets, their threats and risks must be identified, and their probability and effect evaluated. Through this the prioritization of security requirements and refinement implementation to software development can be achieved.

The comparative study included five iterations (TABLE 4), and the first iteration was already outlined during the literature review. This was done by listing frequently mentioned secure software development models from the industry’s research and literature. The exception is the “Phase-Gate”. It is the original version of the commissioner’s Gateway model, to which these practices are to be implemented, and it was added per the commissioner’s request. There were 41 models that emerged, and they are listed in their entirety in annex 4. The initial listing was examined in co-operation with the commissioner during the second iteration, and the most suitable models for the third iteration were selected:

a. Phase-Gate (GateWay)

b. SAFe

c. BSIMM (by OWASP)

d. SAMM (by OWASP)

e. Touchpoints (by McGraw)

f. Square

The third iteration included a comparison against the chosen criteria, and the fourth iteration was done to exclude some unsuitable models. The fifth and final iteration compared the process with an existing research paper’s results to assess perspectives with another set of criteria.

TABLE 4 Iterations in comparative study

Iteration Purpose

1. Discover and list initial SSDL models found through literature review

2. Select the most suitable models to third iteration with the commissioner

3. Evaluate models to selection criteria

4. Comparison between models

5. Comparison of the model content between Higuera et al. and this thesis

It cannot be concluded to any degree of certainty that all suitable models for the comparison were found during the literature review. Time limits for this research did not permit a full investigation into every available model. Search results were logically restricted: for example, if the model was specific, unknown or brand new, then the probability of its exclusion was high despite the best efforts of the researchers. These restrictions affected the first iteration and its scope and steered its direction; thus, the reliability of the research was negatively affected. The five iterations ensure that the issues have been considered from various perspectives and several times. Furthermore, it guarantees high-quality results and fulfils the research directives.

4 APPLYING ACTION RESEARCH AND EVALUATION OF RESULTS

This chapter consists of the two phases, referred to as stages, according to Davidson’s study presented earlier. The first stage, 4.1, is a current situation diagnosis, which consists of the document analysis, interview and comparative study material as part of action research. The document analysis is compact and functioned as the familiarization phase for the researchers. Semi-structured material is also introduced, and its material was processed through coding and categorization. The material from the interviews formed the empirical foundation of this research. The comparative study is based on the literature review, where comparisons are done on the suitable models and their practices for the commissioner. The second stage, 4.1.6, is action planning, which ties together all the results of the previously mentioned material. These materials, together with the literature review, are used to form the plan for intervention.