Author(s): Mazni binti Mohamed Jakeri, Mohd Fadzil Hassan, Aliza Sarlan, Amirudin Abdul Wahab
Security checklists have been published and used by organisations as guidelines for tracking and monitoring the practices applied during software development. This paper discusses the Goal Question Metric (GQM) approach to developing, measuring, and evaluating the security tasks of a security checklist for one selected security activity in the design phase of the secure software development life cycle (SSDLC). The security checklist was developed by adapting security tasks from various sources so that, taken together, they achieve the goal of the security activity. The checklist was then applied in a multiple-case study of in-house web-based development teams in the Malaysian public sector to measure and evaluate how many of the security tasks were actually performed. The findings indicate that additional steps are needed to raise the number of security tasks performed and to achieve the goal of the security activity.