{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T16:29:30Z","timestamp":1780417770364,"version":"3.54.1"},"reference-count":90,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100004055","name":"Deanship of Scientific Research at King Fahd University of Petroleum and Minerals, Saudi Arabia","doi-asserted-by":"publisher","award":["IN171008"],"award-info":[{"award-number":["IN171008"]}],"id":[{"id":"10.13039\/501100004055","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2020]]},"DOI":"10.1109\/access.2020.3040220","type":"journal-article","created":{"date-parts":[[2020,11,25]],"date-time":"2020-11-25T01:50:16Z","timestamp":1606269016000},"page":"215758-215776","source":"Crossref","is-referenced-by-count":37,"title":["A Maturity Model for Secure Software Design: A Multivocal Study"],"prefix":"10.1109","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8804-5486","authenticated-orcid":false,"given":"Hassan","family":"Al-Matouq","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5786-5118","authenticated-orcid":false,"given":"Sajjad","family":"Mahmood","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7950-0099","authenticated-orcid":false,"given":"Mohammad","family":"Alshayeb","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7318-7644","authenticated-orcid":false,"given":"Mahmood","family":"Niazi","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1002\/bltj.20247"},{"key":"ref72","year":"2016","journal-title":"Security for Industrial Automation and Control Systems"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(86)90014-3"},{"key":"ref70","article-title":"Enhancing the development life cycle to produce secure software: A reference guidebook on software assurance","author":"goertzel","year":"2008"},{"key":"ref76","year":"2017","journal-title":"Managing Security Risks Inherent in The Use of Third-Party Components"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2018.10.030"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41488-6_10"},{"key":"ref39","year":"2019","journal-title":"Introducing CMMI v2 0"},{"key":"ref75","article-title":"Developing secure software: In an agile process","author":"baca","year":"2012"},{"key":"ref38","article-title":"Method, apparatus and non-transitory computer readable media for the assessment of software products","author":"alshayeb","year":"2017"},{"key":"ref78","year":"2002","journal-title":"Framework for Secure Application Design and Development"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/QUATIC.2016.028"},{"key":"ref33","first-page":"1796e","article-title":"Assessing the adoption level of scaled agile development: A maturity model for scaled agile framework","volume":"29","author":"turetken","year":"2017","journal-title":"Journal of Software: Evolution and Process"},{"key":"ref32","first-page":"931","article-title":"Operational software maturity: An aerospace industry analysis","volume":"11","author":"mu\u00f1oz","year":"2017","journal-title":"Int J Comput Electr Autom Control Inf Eng"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3125433.3125447"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/EUROMICRO.2007.11"},{"key":"ref37","year":"2018","journal-title":"CMMI for Development Version 1 2"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/TLA.2017.8071246"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.7358"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2014.17"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/CESI.2017.4"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.48"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/3098954.3103170"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(11)70083-5"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1002\/smr.311"},{"key":"ref64","year":"2005","journal-title":"Security Engineering Explained"},{"key":"ref27","first-page":"2151e","article-title":"A measurement framework for software product maturity assessment","volume":"31","author":"abdellatif","year":"2019","journal-title":"Journal of Software: Evolution and Process"},{"key":"ref65","year":"2017","journal-title":"CSSLP certification Exam Outline"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/SMC-IT.2011.22"},{"key":"ref29","author":"golden","year":"2005","journal-title":"Succeeding with Open Source"},{"key":"ref67","author":"goertzel","year":"2006","journal-title":"Security in the Software Life Cycle"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/RoEduNet.2016.7753243"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/NCG.2018.8593135"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.201"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/s11623-012-0222-3"},{"key":"ref20","article-title":"Attack surface: Mitigate security risks by minimizing the code you expose to untrusted users","author":"howard","year":"2004"},{"key":"ref22","year":"2010","journal-title":"CMMI for Development Version 1 3"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.60"},{"key":"ref24","first-page":"1","article-title":"Towards a maturity model for software product evaluations","author":"jakobsen","year":"1999","journal-title":"Proc 10th Eur Conf Softw Cost Estimation"},{"key":"ref23","year":"2010","journal-title":"CMMI for Development Version 1 3"},{"key":"ref26","first-page":"7","article-title":"Towards a framework for software product maturity measurement","author":"alshayeb","year":"2015","journal-title":"Proc 10th Int Conf on Software Eng"},{"key":"ref25","first-page":"307","article-title":"A maturity model of software product quality","volume":"43","author":"qutaish","year":"2011","journal-title":"J Res Pract Inf Technol"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02633-1_3"},{"key":"ref51","year":"2018","journal-title":"McAfee Product Security Practices"},{"key":"ref90","author":"campbell","year":"2015","journal-title":"Experimental and Quasi-Experimental Designs for Research"},{"key":"ref59","author":"seacord","year":"2018","journal-title":"Top 10 Secure Coding Practices"},{"key":"ref58","year":"2017","journal-title":"The Secure Development Life-cycle"},{"key":"ref57","year":"2018","journal-title":"Security by Design Principles - OWASP"},{"key":"ref56","year":"2017","journal-title":"Software Assurance Maturity Model"},{"key":"ref55","year":"2016","journal-title":"Cisco Secure Development Lifecycle"},{"key":"ref54","year":"2019","journal-title":"The Secure Software Development Lifecycle at SAP"},{"key":"ref53","year":"2010","journal-title":"Vmwares Security Programs and Practices"},{"key":"ref52","year":"2019","journal-title":"Integrating Application Security Into The Mobile Software Development Lifecycle"},{"key":"ref10","author":"j\u00e1rjens","year":"2005","journal-title":"Secure Systems Development with UML"},{"key":"ref11","author":"gorton","year":"2006","journal-title":"Essential Software Architecture"},{"key":"ref40","year":"2018","journal-title":"Introducing CMMI Development v2 0 to Pan-India Spin"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/QSIC.2009.11"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/ASWEC.2010.34"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1370905.1370913"},{"key":"ref15","year":"2018","journal-title":"Microsoft security development lifecycle"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-64r2"},{"key":"ref16","year":"2018","journal-title":"Fundamental practices for secure software development"},{"key":"ref81","year":"2015","journal-title":"SAS Software Security Framework Engineering Secure Products"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45800-X_32"},{"key":"ref84","author":"simhadri","year":"2002","journal-title":"Application Security Architecture"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-46146-9_55"},{"key":"ref83","author":"usher","year":"2002","journal-title":"Improving Software Security During Development"},{"key":"ref19","first-page":"130","article-title":"A methodology for secure software design","author":"fernandez","year":"2004","journal-title":"Proc Softw Eng Res Pract"},{"key":"ref80","year":"2019","journal-title":"Application Architecture Review"},{"key":"ref89","author":"yin","year":"2011","journal-title":"Applications of Case Study Research"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2016.10.001"},{"key":"ref3","article-title":"Secure software development: Identification of security activities and their integration in software development lifecycle","author":"ahmed","year":"2007"},{"key":"ref6","year":"2011"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1700"},{"key":"ref85","year":"2013","journal-title":"Security Primer"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2004.1281254"},{"key":"ref86","year":"2015","journal-title":"Symantec Software Security Process"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2006.43"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-64218-5_1"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/52.300079"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1007\/11497455_44"},{"key":"ref9","author":"lipner","year":"2006","journal-title":"The Security Development Lifecycle SDL A Process for Developing Demonstrably More Secure Software"},{"key":"ref46","year":"2019","journal-title":"The Software Security Framework"},{"key":"ref45","year":"2017","journal-title":"Product security assurance program"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/2896941.2896946"},{"key":"ref47","year":"2018","journal-title":"Security in Development The IBM Secure Engineering Framework"},{"key":"ref42","year":"2018","journal-title":"Building Security in Maturity Model"},{"key":"ref41","year":"2020","journal-title":"Software Assurance Maturity Model (SAMM) A Guide to Building Security Into Software Development"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.09.006"},{"key":"ref43","author":"yin","year":"2016","journal-title":"Case Study Research Design and Methods"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/8948470\/09268931.pdf?arnumber=9268931","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,17]],"date-time":"2021-12-17T19:55:10Z","timestamp":1639770910000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9268931\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"references-count":90,"URL":"https:\/\/doi.org\/10.1109\/access.2020.3040220","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]}}}