Software Security Estimation Using the Hybrid Fuzzy ANP-TOPSIS Approach: Design Tactics Perspective

Abstract

Increasing the number of threats against software vulnerabilities and rapidly growing data breaches have become a key concern for both the IT industry and stakeholders. Developing secure software systems when there is a high demand for software products from individuals as well as the organizations is in itself a big challenge for the designers and developers. Meanwhile, adopting traditional and informal learnings to address security issues of software products has made it easier for cyber-criminals to expose software vulnerabilities. Hence, it is imperative for the security practitioners to employ a symmetric mechanism so as to achieve the desired level of software security. In this context, a decision-making approach is the most symmetrical technique to assess the security of software in security tactics perspective. Since the security tactics directly address the quality attribute concerns, this symmetric approach will be highly effective in making the software systems more secure. In this study, the authors have selected three main attributes and fifteen sub-attributes at level 1 and level 2, respectively, with ten different software of an institute as alternatives. Furthermore, this study uses a fuzzy-based symmetrical decision-making approach to assess the security of software with respect to tactics. Fuzzy Analytic Network Process (F-ANP) is applied to evaluate the weights of criteria and fuzzy-Symmetrical technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is used to determine impact of alternatives. The proposed symmetrical assessment in this study will be beneficial for both the designers and developers to categorize and prioritize the security attributes and understand the importance of security tactics during software development life cycle.