Introduction
Software must satisfy two types of requirements in its application domain: functional and non-functional requirements. Both must be met regardless of the industry in which the software operates. Software quality has been described in terms of many characteristics, and several quality metrics, such as scalability, security, reliability, and usability, can be used to evaluate it (Gorton, 2011). Among these, security has been described as one of the most significant quality attributes (Stephenson et al., 1992), since a single security vulnerability can cause an organization to lose billions of dollars in assets (Willetts, 2014) or even cost lives (Csulak et al., 2017). Functional issues in software, which manifest as defects, can generally be tested and validated by executing test scenarios that exercise the business logic. Non-functional issues, which manifest as vulnerabilities, are harder to identify because predetermined test scenarios may never expose them (Zimmermann et al., 2010; Krsul, 1998). In computing, the term 'software vulnerability' refers to a security flaw, glitch, or weakness in an application or an operating system (OS) that can lead to a compromise of security.
Although many Computer-Aided Software Engineering (CASE) tools are available, humans remain the core contributors to the software development process, so software is inevitably exposed to functional and non-functional defects caused by human mistakes. Defects and vulnerabilities share this common origin. They differ, however, in how they are exposed: vulnerabilities are actively sought out by attackers with malicious or criminal intent, whereas defects surface through the valid use cases of normal usage (Krsul, 1998). A vulnerability can be introduced at any stage of the software development life cycle, for reasons such as an invalid requirement specification, a weak architectural design, weak or vulnerable implementation techniques and algorithms, or weak test scenarios. This study is scoped to vulnerabilities that the developer has caused or contributed to in the source code of the software. Each developer has a unique skill level, experience, capacity, technology interests, domain interests, and many other characteristics that can affect, positively or negatively, the overall quality of the software he or she develops.