Bachelor's Thesis John Nguyen

A Multivocal Literature Review of Current Tools for Increasing the Degree of Automation in the Development of Secure and Privacy Compliant Applications

Abstract

Nowadays, digitization is an integral part of our lives, where companies are processing more and more sensible data. However, rising cyber-threats pose a major risk to companies, forcing them to reassess software security and privacy. Moreover, constant change in customer requirements and environment leads to a predicament between functionality and security demands. Consequently, more demands are pushed into each iteration, displacing security and privacy concerns further behind and leading to the potential creation of security and privacy vulnerabilities. To encounter this problem, the approach of tool-supported security automation attracts ever-increasing attention.

For this reason, an overview of practical security automation tools contributes valuable aspects to researchers from academia and industry. Thus, we investigate in a multiperspective view of security and privacy automation tools. Through the conduction of a multivocal literature review, we examine the state-of-theart and practice of current security automation tools. We first examine the motivation for incorporating tool-supported automation. Second, we develop a tool-classification matrix concerning two perspectives, a top-down view through abstract categories and a bottom-up approach through security activities. The final overview incorporates more than 300 tools with 18 categories and 119 security activities, showing that current research pays great attention to software development-related security activities. The bottom-up perspective illustrates how well the current tool landscape supports common security and privacy activities, while the top-down view expresses major research concepts. Additionally, our literature review identifies that researchers recognize scalability and trackability as compelling drivers for implementing security automation.