Leveraging the power of SQA to enhance software security

Abstract

Software security is a growing concern for all ICT organizations since security breaches continue to make headline news. Since the Software Quality Assurance (SQA) professionals are responsible for validating the adherence to software product standards, processes, and procedures, getting them involved can help to solve most of the problem that harms most software development organizations today. Most of the experts involved in the software security industry spend much time discussing how to create secure software. Still, only a few explain how to achieve the goal of successful software security testing. As a result, SQA professionals face many problems in today's dynamic software environments. Organizations pressure them to certify software systems for security, but give little or no detailed advice on how to achieve that objective. It is essential to identify those problems and take the necessary actions to overcome those problems to thrive in the competitive business market so that this research intention is to find out a strategy that can use to develop the security testing mindset of SQA professionals by identifying the significant problems they are facing in software security testing and providing suitable suggestions/recommendations to overcome those problems. For the research, we used qualitative content analysis research methodology. The survey questionnaires and interviews were conducted to collect data. The preliminary survey was conducted to determine the list of problems that SQA professionals face in software security testing. With the results of the initial study, an online survey was distributed to filter out significant problems. The online survey was shared among different leading IT companies. Lack of specialized SQA people in security testing, Budget, Lack of knowledge about security testing fundamentals, Lack of detailed information and advice, and No security testing training were some of the significant problems identified during the survey. With the results of the survey, a set of follow up interviews been carried with several senior SQA experts to sees their perspective on identified problems. Form a dedicated QA security taskforce to develop and retain the security testing mindset among SQA professionals, Maintain a security testing knowledge portal, Allocate sufficient funds in the budget to provide proper SQA resources and Familiarize and adapt security testing fundamentals, protocols, tools, and methods to fit within existing processes were some of the suggestions made by the domain experts, which they have successfully tried while addressing those problems. This research delivers several valuable results that can be useful for SQA professionals to grow in software security testing gradually. By properly adopting the strategy, we expect to develop the security testing mindset of SQA professionals inside the organization as well as the industry as a whole. Improved SQA professionals will enhance software security.