Authors:
Adetayo Adeyinka
Volume/Issue:
Volume 9 - 2024, Issue 5 - May
Google Scholar:
https://tinyurl.com/yc52xj7r
Scribd:
https://tinyurl.com/rx55xst9
DOI:
https://doi.org/10.38124/ijisrt/IJISRT24MAY2349
Abstract:
Application security has become increasingly important as organizations digitally transform and rely more on software to operate. However, balancing security with competing development priorities such as speed and new features presents ongoing challenges for the program managers responsible for overseeing application projects. This study explored the perspectives of 10 cybersecurity program managers through interviews to understand their approaches to security governance and the obstacles they commonly face. Key challenges included persuading developers focused on rapid delivery to also consider threats, limited security testing resources, and difficulty prioritizing among risks. However, establishing security requirements early in planning and integrating validation checks directly into workflows helped shift security left. Close collaboration between functions, together with leadership support for proper training and staffing, also aided prioritization. While generalizability was limited, data saturation was reached on the major themes. Establishing security guidelines upfront aligned with existing frameworks, yet deeper cultural changes may still be needed at firms resistant to oversight. Metrics and skills shortages also require attention. The research validated the pivotal role of program managers and provided insights into both barriers and effective practices, with implications for process improvements and leadership support to strengthen application defences.
Keywords:
Application Security, Software Development, Program Management, Security Governance, Risk Management.