TIM-8340 v2

Zahedi, M. H., Kashanaki, A. R., & Farahani, E. (2023). Risk management framework in Agile software development methodology. International Journal of Electrical & Computer Engineering (2088-8708), 13(4), 4379–4387. https://doi.org/10.11591/ijece.v13i4.pp4379-4387
The authors proposed a framework that states the necessary measures for risk management according to the ISO31000 standard at each stage of the Agile methodology.

Pilliang, M., & Munawar. (2022). Risk management in software development projects a systematic literature review. Khazanah Informatika: Jurnal Ilmu Komputer Dan Informatika, 8(2), 118–131. https://doi.org/10.23917/khif.v8i2.17488
This paper takes a systematic approach to reviewing articles containing risk management in software development projects.

Seffe, N. S., Odzaly, E. E., & Samah, K. A. F. A. (2024). Data-driven strategies for enhanced risk management performance in software development perspective: An agile implementation. 2024 IEEE 22nd Student Conference on Research and Development (SCOReD), Research and Development (SCOReD), 2024 IEEE 22nd Student Conference On, 122–127. https://doi.org/10.1109/SCOReD64708.2024.10872763
This research presents a machine learning-based risk management model using Decision Trees to enhance risk identification, assessment, and mitigation in dynamic Agile software development projects.

Jadhav, A., Kaur, M., & Akter, F. (2022). Evolution of software development effort and cost estimation techniques: Five decades study using automated text mining approach. Mathematical Problems in Engineering, 1–17. https://doi.org/10.1155/2022/5782587
The authors investigate software development effort and cost estimation (SDECE), which is one of the most important tasks in the field of software engineering.

Khan, H. U., Khan, R. A., Alwageed, H. S., Almagrabi, A. O., Ayouni, S., & Maddeh, M. (2025). AI-driven cybersecurity framework for software development based on the ANN-ISM paradigm. Scientific Reports, 15(1), 1–45. https://doi.org/10.1038/s41598-025-97204-y
This study proposes an AI-based ANN-ISM cybersecurity framework to improve secure coding, threat detection, and risk management across varying software development maturity levels.

Ahmed, M., Ibrahim, N. B., Nisar, W., Ahmed, A., Junaid, M., Flores, E. S., & Anand, D. (2024). A hybrid model for improving software cost estimation in global software development. Computers, Materials & Continua, 78(1), 1399–1422. https://doi.org/10.32604/cmc.2023.046648
The authors proposed a hybrid model that integrates additional GSD-based cost drivers identified through a systematic literature review and further vetted by industry experts.

Zhou, X., Mao, R., Zhang, H., Dai, Q., Huang, H., Shen, H., Li, J., & Rong, G. (2023). Revisit security in the era of DevOps: An evidence‐based inquiry into DevSecOps industry. IET Software (Wiley-Blackwell), 17(4), 435–454. https://doi.org/10.1049/sfw2.12132
The authors classify the interpretations of DevSecOps into three core aspects of DevSecOps capabilities: cultural enablers, and technological enablers.

Shariq Hussain, S., Anwaar, H., Sultan, K., Mahmud, U., Farooqui, S., Karamat, T., & Kalil Toure, I . K. (2024, February 21). Mitigating software vulnerabilities through secure software development with a policy-driven waterfall model. Journal of Engineering, 2024. https://doi.org/10.1155/2024/9962691
In this paper, the authors propose a policy-driven waterfall model (PDWM) for secure software development describing key points related to security aspects in the software development process.

Siavvas, M., Tsoukalas, D., Kalouptsoglou, I., Manganopoulou, E., Manolis, G., Kehagias, D., & Tzovaras, D. (2023). Security monitoring during software development: An industrial case study. Applied Sciences, 13(12), 6872–6872. https://doi.org/10.3390/app13126872
This paper aims to highlight how cutting-edge security monitoring and optimization mechanisms can be adapted to a dedicated company's needs and used as a blueprint for constructing similar security monitoring platforms and pipelines.

Dwivedi, K., Haghparast, M., & Mikkonen, T. (2024). Quantum software engineering and quantum software development lifecycle: A survey. Cluster Computing, 27(6), 7127–7145. https://doi.org/10.1007/s10586-024-04362-1
This survey explores quantum software engineering, reviewing quantum computing fundamentals, programming languages, and software lifecycle development to support future applications like quantum AI and machine learning.

National Institute of Standards and Technology (2024). The NIST Cybersecurity Framework (CSF) 2.0. National Institute of Standards and Technology. https://doi.org/10.6028/NIST.CSWP.29
The NIST Cybersecurity Framework (CSF) 2.0 offers universal guidance to help organizations assess, prioritize, and communicate cybersecurity risks through high-level, non-prescriptive outcomes.

Souppaya, M., Scarfone, K., & Dodson, D. (2022). Secure software development framework (SSDF) version 1.1: Recommendations for mitigating the risk of software vulnerabilities (NIST Special Publication (SP) 800-218). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-218
The NIST 800-218 discusses SDLC best practices.

Booth, H., Souppaya, M., Vassilev, A., Ogata, M., Stanly, M., & Scarfone, K. (2022). Secure software development practices for generative ai and dual-use foundation models (NIST Special Publication (SP) 800-218A). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-218A
This document extends SSDF 1.1 by adding AI-specific practices, tasks, and guidance for secure AI model development across the software development life cycle.

Kempe, E., & Massey, A. (2021). Regulatory and security standard compliance throughout the software development lifecycle.
The authors perform a literature review to identify and discuss published regulations and compliance in SDLC.

Booth, H., Souppaya, M., Vassilev, A., Ogata, M., Stanley, M., & Scarfone, K. (2024). Secure software development practices for generative ai and dual-use foundation models: An SSDF community profile (NIST Special Publication (SP) 800-218A). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-218A
NIST addresses the emergent technology of Generative AI in the software life cycle.

Sodhi, B., & Kapur, R. (2021). Quantum computing platforms: Assessing the impact on quality attributes and SDLC activities. 2021 IEEE 18th International Conference on Software Architecture (ICSA), 80–91. https://doi.org/10.1109/ICSA51549.2021.00016
The authors discuss the impact of quantum computing platform (QCP) in software development.

Wee, A., Kudriavtseva, A., & Gadyatskaya, O. (2024). “Have heard of it”: A study with practitioners on adoption of secure software development frameworks. 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Vienna, Austria, 2024, pp. 626-633, doi: 10.1109/EuroSPW61312.2024.00076.
A mixed-methods study reveals organizations prefer custom secure software development frameworks over standard ones due to flexibility and alignment with internal development practices.