{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T02:03:20Z","timestamp":1773885800441,"version":"3.50.1"},"reference-count":57,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2022,10,26]],"date-time":"2022-10-26T00:00:00Z","timestamp":1666742400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Nigerian Petroleum Technology Development Fund (PTDF)","award":["57473408"],"award-info":[{"award-number":["57473408"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>In the field of software development, the efficient prioritizing of software risks was essential and play significant roles. However, finding a viable solution to this issue is a difficult challenge. The software developers have to adhere strictly to risk management practice because each phase of SDLC is faced with its individual type of risk rather than considering it as a general risk. Therefore, this study proposes an adaptive neuro-fuzzy inference system (ANFIS) for selection of appropriate risk factors in each stages of software development process. Existing studies viewed the SDLC\u2019s Security risk assessment (SRA) as a single integrated process that did not offer a thorough SRA at each stage of the SDLC process, which resulted in unsecure software development. Hence, this study identify and validate the risk factors needed for assessing security risk at each phase of SDLC. For each phase, an SRA model based on an ANFIS was suggested, using the identified risk factors as inputs. For the logical representation of the fuzzification as an input and output variables of the SRA risk factors for the ANFIS-based model employing the triangular membership functions. The proposed model utilized two triangular membership functions to represent each risk factor\u2019s label, while four membership functions were used to represent the labels of the target SRA value. Software developers chose the SRA risk factors that were pertinent in their situation from the proposed taxonomy for each level of the SDLC process as revealed by the results. As revealed from the study\u2019s findings, knowledge of the identified risk factors may be valuable for evaluating the security risk throughout the SDLC process.<\/jats:p>","DOI":"10.3390\/fi14110305","type":"journal-article","created":{"date-parts":[[2022,10,26]],"date-time":"2022-10-26T09:59:37Z","timestamp":1666778377000},"page":"305","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Identification of Risk Factors Using ANFIS-Based Security Risk Assessment Model for SDLC Phases"],"prefix":"10.3390","volume":"14","author":[{"given":"Rasheed Gbenga","family":"Jimoh","sequence":"first","affiliation":[{"name":"Department of Computer Science, Faculty of Information and Communication Sciences, University of Ilorin, Ilorin 240003, Nigeria"}]},{"given":"Olayinka Olufunmilayo","family":"Olusanya","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Tai Solarin University of Education, Ijagun 120101, Nigeria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1020-4432","authenticated-orcid":false,"given":"Joseph Bamidele","family":"Awotunde","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Faculty of Information and Communication Sciences, University of Ilorin, Ilorin 240003, Nigeria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8921-8353","authenticated-orcid":false,"given":"Agbotiname Lucky","family":"Imoize","sequence":"additional","affiliation":[{"name":"Department of Electrical and Electronics Engineering, Faculty of Engineering, University of Lagos, Akoka, Lagos 100213, Nigeria"},{"name":"Department of Electrical Engineering and Information Technology, Institute of Digital Communication, Ruhr University, 44801 Bochum, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8918-1703","authenticated-orcid":false,"given":"Cheng-Chi","family":"Lee","sequence":"additional","affiliation":[{"name":"Research and Development Center for Physical Education, Health, and Information Technology, Department of Library and Information Science, Fu Jen Catholic University, New Taipei 24205, Taiwan"},{"name":"Department of Computer Science and Information Engineering, Asia University, Taichung 41354, Taiwan"}]}],"member":"1968","published-online":{"date-parts":[[2022,10,26]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Sahu, K., Alzahrani, F.A., Srivastava, R.K., and Kumar, R. (2020). Hesitant fuzzy sets based symmetrical model of decision-making for estimating the durability of Web application. Symmetry, 12.","DOI":"10.3390\/sym12111770"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"106954","DOI":"10.1016\/j.ress.2020.106954","article-title":"A case study of agile software development for safety-Critical systems projects","volume":"200","author":"Islam","year":"2020","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"ref_3","first-page":"56","article-title":"A brief overview of software reuse and metrics in software engineering","volume":"122","author":"Imoize","year":"2019","journal-title":"World Sci. News"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Awotunde, J.B., Ayo, F.E., Ogundokun, R.O., Matiluko, O.E., and Adeniyi, E.A. (2020, January 1\u20134). Investigating the roles of effective communication among stakeholders in collaborative software development projects. Proceedings of the International Conference on Computational Science and Its Applications, Cagliari, Italy.","DOI":"10.1007\/978-3-030-58817-5_24"},{"key":"ref_5","first-page":"213","article-title":"Risk Factors in Software Development Phases","volume":"10","author":"Hijazi","year":"2014","journal-title":"Eur. Sci. J."},{"key":"ref_6","first-page":"1247","article-title":"Risk management perspective in SDLC","volume":"4","author":"Sahu","year":"2014","journal-title":"Int. J. Adv. Res. Comput. Sci. Softw. Eng."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Awotunde, J.B., Misra, S., Adeniyi, A.E., Abiodun, M.K., Kaushik, M., and Lawrence, M.O. (2022, January 4\u20137). A Feature Selection-Based K-NN Model for Fast Software Defect Prediction. Proceedings of the International Conference on Computational Science and Its Applications, Malaga, Spain.","DOI":"10.1007\/978-3-031-10542-5_4"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Behera, P.C., Dash, C., and Pareek, P.K. (2021). A Novel Approach for Improving Security in Software Development in Small Software Firms: A Literature Review. Emerging Technologies in Data Mining and Information Security, Springer.","DOI":"10.1007\/978-981-15-9774-9_64"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"106407","DOI":"10.1016\/j.infsof.2020.106407","article-title":"Integrated framework for incorporating sustainability design in software engineering life-cycle: An empirical study","volume":"129","author":"Saputri","year":"2020","journal-title":"Inf. Softw. Technol."},{"key":"ref_10","first-page":"1","article-title":"Integrating Risk Management in System Development Cycle","volume":"8","author":"Unuakhalu","year":"2014","journal-title":"Int. J. Softw. Web Sci."},{"key":"ref_11","first-page":"2296","article-title":"A Methodology for Incorporating Quality Assurance Practices during Software Development Life Cycle","volume":"10","author":"Laaraib","year":"2021","journal-title":"Int. J."},{"key":"ref_12","first-page":"22","article-title":"Risk Management in Software Development using Artificial Neural Networks","volume":"93","author":"Gandhi","year":"2014","journal-title":"Int. J. Comput. Appl."},{"key":"ref_13","first-page":"39","article-title":"Recent Trends on the Application of Cost-Effective Economics Principles to Software Engineering Development","volume":"6","author":"Imoize","year":"2020","journal-title":"Int. J. Inf. Secur. Softw. Eng."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"19139","DOI":"10.1109\/ACCESS.2021.3052311","article-title":"Systematic mapping study on security approaches in secure software engineering","volume":"9","author":"Khan","year":"2021","journal-title":"IEEE Access"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Dodson, D., Souppaya, M., and Scarfone, K. (2020). Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (ssdf).","DOI":"10.6028\/NIST.CSWP.04232020"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Shameem, M., Kumar, C., Chandra, B., and Khan, A.A. (2017, January 4\u20138). Systematic review of success factors for scaling agile methods in global software development environment: A client-vendor perspective. Proceedings of the 2017 24th Asia-Pacific Software Engineering Conference Workshops (APSECW), Nanjing, China.","DOI":"10.1109\/APSECW.2017.22"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Vochitoiu, H., Vedinas, F., Miclea, O., and Unguras, C.L. (2020, January 25\u201327). Risk Management as a Part of the Business Process in Corporate Firms. Proceedings of the International Conference \u201cNew Technologies, Development and Applications\u201d, Sarajevo, Bosnia and Herzegovina.","DOI":"10.1007\/978-3-030-46817-0_109"},{"key":"ref_18","first-page":"6","article-title":"Ethical Issues and Policies in Software Engineering","volume":"6","author":"Imoize","year":"2020","journal-title":"Int. J. Inf. Secur. Softw. Eng."},{"key":"ref_19","first-page":"23","article-title":"Neuro-Fuzzy based Software Risk Estimation Tool","volume":"13","author":"Pooja","year":"2013","journal-title":"Glob. J. Comput. Sci. Technol. Softw. Data Eng."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"110537","DOI":"10.1016\/j.jss.2020.110537","article-title":"A novel Security-by-Design methodology: Modeling and assessing security by SLAs with a quantitative approach","volume":"163","author":"Casola","year":"2020","journal-title":"J. Syst. Softw."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"101827","DOI":"10.1016\/j.cose.2020.101827","article-title":"Riskio: A serious game for cyber security awareness and education","volume":"95","author":"Hart","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"193","DOI":"10.1016\/j.eij.2020.08.001","article-title":"Adopting security maturity model to the organizations\u2019 capability model","volume":"22","author":"Helal","year":"2021","journal-title":"Egypt. Inform. J."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Rindell, K., Bernsmed, K., and Jaatun, M.G. (2019, January 26\u201329). Managing security in software: Or: How I learned to stop worrying and manage the security technical debt. Proceedings of the 14th International Conference on Availability, Reliability and Security, Canterbury, UK.","DOI":"10.1145\/3339252.3340338"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Nguyen, J., and Dupuis, M. (2019, January 3\u20135). Closing the feedback loop between ux design, software development, security engineering, and operations. Proceedings of the 20th Annual SIG Conference on Information Technology Education, Tacoma, WA, USA.","DOI":"10.1145\/3349266.3351420"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"493","DOI":"10.1007\/s10207-020-00515-6","article-title":"A quantitative assessment of security risks based on a multifaceted classification approach","volume":"20","author":"Jouini","year":"2021","journal-title":"Int. J. Inf. Secur."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Akbar, M.A., Shameem, M., Ahmad, J., Maqbool, A., and Abbas, K. (2018, January 12\u201313). Investigation of Project Administration related challenging factors of Requirements Change Management in global software development: A systematic literature review. Proceedings of the 2018 International Conference on Computing, Electronic and Electrical Engineering (ICE Cube), Quetta, Pakistan.","DOI":"10.1109\/ICECUBE.2018.8610966"},{"key":"ref_27","unstructured":"Podari, Z., Arbain, A.F., Ibrahim, N., and Sudarmilah, E. (2020, January 21\u201322). Risk Mitigation Framework for Agile Global Software Development. Proceedings of the International Conference of Reliable Information and Communication Technology, Langkawi, Malaysia."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"68","DOI":"10.1016\/j.jss.2017.06.069","article-title":"Be more familiar with our enemies and pave the way forward: A review of the roles bugs played in software failures","volume":"133","author":"Wong","year":"2017","journal-title":"J. Syst. Softw."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Akinsola, J.E., Ogunbanwo, A.S., Okesola, O.J., Odun-Ayo, I.J., Ayegbusi, F.D., and Adebiyi, A.A. (2020, January 14\u201316). Comparative analysis of software development life cycle models (SDLC). Proceedings of the Computer Science On-line Conference, Jeju, Korea.","DOI":"10.1007\/978-3-030-51965-0_27"},{"key":"ref_30","unstructured":"Magableh, A.A., and Alsobeh, A.M.R. (2018, January 25\u201326). Aspect-Oriented Software Security Development Life Cycle (AOSSDLC). Proceedings of the CS & IT Conference Proceedings, Dubai, United Arab Emirates."},{"key":"ref_31","first-page":"8887","article-title":"SDLC Model Selection Tool and Risk Incorporation","volume":"975","author":"Agarwal","year":"2017","journal-title":"Int. J. Comput. Appl."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"5678","DOI":"10.48084\/etasr.3440","article-title":"Software Risk Analysis with the use of Classification Techniques: A Review","volume":"10","author":"Khan","year":"2020","journal-title":"Eng. Technol. Appl. Sci. Res."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Mohammad, A., Alqatawna, J.F., and Abushariah, M. (2017, January 17\u201318). Secure software engineering: Evaluation of emerging trends. Proceedings of the 2017 8th International Conference on Information Technology (ICIT), Amman, Jordan.","DOI":"10.1109\/ICITECH.2017.8079952"},{"key":"ref_34","first-page":"389","article-title":"Strength and Weakness of Software Risk Assessment Tools","volume":"8","author":"Sharif","year":"2014","journal-title":"Int. J. Softw. Eng. Its Appl."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"e2269","DOI":"10.1002\/smr.2269","article-title":"Toward ontology-based risk management framework for software projects: An empirical study","volume":"32","author":"Abioye","year":"2020","journal-title":"J. Softw. Evol. Process"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Jackson, A.B., Jackson, T., and Jackson, K.B. (2020, January 17\u201330). Chronology of continuous improvement of the world\u2019s best FMECA standard. Proceedings of the 2020 Annual Reliability and Maintainability Symposium (RAMS), Palm Springs, CA, USA.","DOI":"10.1109\/RAMS48030.2020.9153615"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1016\/j.oceaneng.2019.02.048","article-title":"A systematic Failure Mode Effects and Criticality Analysis for offshore wind turbine systems towards integrated condition based maintenance strategies","volume":"176","author":"Scheu","year":"2019","journal-title":"Ocean. Eng."},{"key":"ref_38","first-page":"99","article-title":"Imeca-based technique for security assessment of private communications: Technology and training","volume":"35","author":"Androulidakis","year":"2016","journal-title":"Inf. Secur."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Babeshko, I., Illiashenko, O., Kharchenko, V., and Leontiev, K. (2022). Towards Trustworthy Safety Assessment by Providing Expert and Tool-Based XMECA Techniques. Mathematics, 10.","DOI":"10.3390\/math10132297"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Oleg, I., Vyacheslav, K., and Andriy, K. (2013, January 27\u201330). Cyber security lifecycle and assessment technique for FPGA-based I & C systems. Proceedings of the East-West Design & Test Symposium (EWDTS 2013), Rostov on Don, Russia.","DOI":"10.1109\/EWDTS.2013.6673155"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Kumar, R., Schivo, S., Ruijters, E., Yildiz, B.M., Huistra, D., Brandt, J., and Stoelinga, M. (2018, January 14\u201321). Effective analysis of attack trees: A model-driven approach. Proceedings of the International Conference on Fundamental Approaches to Software Engineering, Thessaloniki, Greece.","DOI":"10.1007\/978-3-319-89363-1_4"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"100219","DOI":"10.1016\/j.cosrev.2019.100219","article-title":"A review of attack graph and attack tree visual syntax in cyber security","volume":"35","author":"Lallie","year":"2020","journal-title":"Comput. Sci. Rev."},{"key":"ref_43","unstructured":"Mutlu, B.O., Kestor, G., Manzano, J., Unsal, O., Chatterjee, S., and Krishnamoorthy, S. (2018, January 17\u201320). Characterization of the impact of soft errors on iterative methods. Proceedings of the 2018 IEEE 25th International Conference on High Performance Computing (HiPC), Bengaluru, India."},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s11761-013-0139-1","article-title":"A web services vulnerability testing approach based on combinatorial mutation and soap message mutation","volume":"8","author":"Chen","year":"2014","journal-title":"Serv. Oriented Comput. Appl."},{"key":"ref_45","unstructured":"Schoenfield, B., Ransome, J., and Misra, A. (2014). Applying the SDL Framework to the Real World. Core Software Security: Security at the Source, CRC Press."},{"key":"ref_46","unstructured":"Gonzalez, D. (2021). The State of Practice for Security Unit Testing: Towards Data Driven Strategies to Shift Security into Developer\u2019s Automated Testing Workflows. [Ph.D. Thesis, Rochester Institute of Technology]."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"103431","DOI":"10.1016\/j.csi.2020.103431","article-title":"Risk management in the software life cycle: A systematic literature review","volume":"71","author":"Masso","year":"2020","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Liu, D., Wang, Q., and Xiao, J. (2009, January 15\u201316). The role of software process simulation modeling in software risk management: A systematic review. Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement, Washington, DC, USA.","DOI":"10.1109\/ESEM.2009.5315982"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"352","DOI":"10.7763\/IJET.2012.V4.381","article-title":"A risk assessment tool using a CMMI Quantitative Approach","volume":"4","author":"Choetkiertikul","year":"2012","journal-title":"IACSIT Int. J. Eng. Technol."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Iranmanesh, S.H., Khodadadi, S.B., and Taheri, S. (2009, January 6\u20139). Risk Assessment of Software Projects Using Fuzzy Interface System. Proceedings of the International Conference on Computing and Industrial Engineering (CIE), Troyes, France.","DOI":"10.1109\/ICCIE.2009.5223859"},{"key":"ref_51","first-page":"191","article-title":"STORE: Security threat oriented requirements engineering methodology","volume":"34","author":"Ansari","year":"2018","journal-title":"J. King Saud Univ.\u2014Comput. Inf. Sciences"},{"key":"ref_52","first-page":"7048","article-title":"Security risks in the software development lifecycle","volume":"8","author":"Alenezi","year":"2019","journal-title":"Int. J. Recent Technol. Eng."},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Barabanov, A.V., Markov, A.S., Grishin, M.I., and Tsirlov, V.L. (2018, January 17\u201319). Current taxonomy of information security threats in software development life cycle. Proceedings of the 2018 IEEE 12th International Conference on Application of Information and Communication Technologies (AICT), Almaty, Kazakhstan.","DOI":"10.1109\/ICAICT.2018.8747065"},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Mohino, J.D.V., Higuera, B., and Montalvo, J.A.S. (2019). The application of a new secure software development life cycle (S-SDLC) with agile methodologies. Electronics, 8.","DOI":"10.3390\/electronics8111218"},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"4811","DOI":"10.1109\/ACCESS.2017.2787981","article-title":"Improving the quality of software development process by introducing a new methodology\u2013AZ-model","volume":"6","author":"Akbar","year":"2017","journal-title":"IEEE Access"},{"key":"ref_56","doi-asserted-by":"crossref","first-page":"5333","DOI":"10.1002\/sec.1700","article-title":"The practice of secure software development in SDLC: An investigation through existing model and a case study","volume":"9","author":"Karim","year":"2016","journal-title":"Secur. Commun. Netw."},{"key":"ref_57","first-page":"1471","article-title":"Evaluating the impact of prediction techniques: Software reliability perspective","volume":"67","author":"Sahu","year":"2021","journal-title":"Comput. Mater. Contin."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/14\/11\/305\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:03:20Z","timestamp":1760144600000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/14\/11\/305"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,26]]},"references-count":57,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2022,11]]}},"alternative-id":["fi14110305"],"URL":"https:\/\/doi.org\/10.3390\/fi14110305","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,10,26]]}}}