INFORMATION SECURITY

Development of secure software

Nikola Vaptsarov Naval Academy, Varna, Bulgaria

Abstract

The main goal of this paper is to present methods and tools for secure software development. The process of creating secure software involves analysis, design and implementation based on multi-criteria decision-making risk assessment. The results of this study offer readers proposals on how to produce secure software systems and conduct cost-benefit analysis.


