Software security models and frameworks: an overview and current trends

The continued dependence on information technology applications has led to the adoption of electronic channels and software applications to support businesses, online transactions and communications. In this perspective, both functional and non-functional requirements are critical for the provision of necessary needs at the early phases of the software development process. This is specifically important in the requirement phase of the software development process. Software security is increasingly becoming a necessity concern in this environment. Unfortunately, security concepts such as access control requirements are mostly considered after the functional requirement definition stage. In addition, majority of the developers and organizations regard security as an activity that can be incorporated after the development of a system. This leads to flaws and security defects in the access control mechanism. Therefore, software security issues must be given higher priority in the early stages of the development process. The aim of this paper is to offer a survey of the software security techniques, frameworks and models that have been developed to deal with these issues. The results obtained indicate that software vulnerabilities have made it possible for attackers to exploit them to cause havoc in computerized systems and has become one of the most critical risks facing modern corporate networks. Since most of these vulnerabilities involve exploitable weaknesses introduced through badly written code, the cyber security community has tried to come up with techniques to enhance software products.