Research On The Influence Factors And Behavior Of Secure Software Development Assimilation

As the use of the Internet becoming more pervasive, the importance of developing secure software increases. Because of poor secure software development processes and tools, resulting software products have a large number of vulnerabilities. These vulnerabilities are misused or exploited by unconscious users or attackers. Secure Software Development (SSD) can improve the safety of software products effectively at source. Assimilation and behavioral research on secure software development can provide a theoretical basis for enterprises to implement related activities, and then improve the efficiency of secure software development assimilation in enterprises.Firstly, based on the existing research and features of secure software development, this paper proposed a three-stages model of secure software development assimilation. Then, drawing upon Technology-Organization-Environment (TOE) framework and Iacovou et al. model (Iacovou, Benbasat, and Dexter model), this paper identified factors in perceived benefits, technological, organizational and environmental context and build a multi-stage assimilation factors model of secure software development. After that, this paper proposed hypotheses according to previous studies, collected 75 valid questionnaires, and tested the model and hypothesis using a Partial Least Squares analysis methodology. Finally, according to the research results above and the previous studies of software process improvement, this paper analyzed key behavior of behavior subjects in the process of secure software development assimilation, and use the approach of multiple case study to test the key behavior of frontline staff.The empirical research results showed various critical factors during different stages of secure software development assimilation. Specifically, technology capacity, organization size and regulation environment are positively related to the initiation of secure software development; technology capacity and organization size are positively related to the adoption of secure software development; technology capacity, organization size, top management support and business partners influence are positively related to the routinization of secure software development; managerial obstacles are negatively related to the routinization of secure software development. This research conducted the empirical study on secure software development assimilation at the firm level, which not only enriched the research in the field of secure software development, but also enriched the research in the field of information technology adoption and assimilation. The result of this research provides a theoretical support to business management practices, and helps enterprises to carry out related activities efficiently and smoothly.