Authors:
Alaa’ Omar¹; Ahmad Alsadeh² and Mamoun Nawahdah³
Affiliations:
¹ Master in Software Engineering, Birzeit University, Almarj Str. 1, Birzeit, Palestine (State of)
² Electrical and Computer Engineering, Birzeit University, Almarj Str. 1, Birzeit, Palestine (State of)
³ Computer Science, Birzeit University, Almarj Str. 1, Birzeit, Palestine (State of)
Keyword(s):
Secure Software Development, Software Security Engineering, Software Security Principles.
Abstract:
Security in the software development lifecycle (SDL) is a comprehensive development process for detecting and preventing security defects and responding to exploits. In this study, we investigate to what extent software security principles are adopted in the Palestinian IT sector. To this end, we conducted an online self-administered questionnaire on a random sample of participants from the Palestinian IT sector. The results revealed that most of the security practices are not fully applied by the surveyed enterprises. We found that security background, company domain, budget, and timeline are influential factors that affect the adoption of security principles during the SDL. In addition, we found that software security is often neglected by most developers, although they are willing to comply with security principles when needed.