Decision Support Model for Source Code Audit: A Case Study
source code audit, program, AHP-FUZZY, information security
With the growing demand in the software development market and the increasingly tight deadlines driven by agile methodologies, the risks associated with this software have increased in recent years. Cybercriminals exploit security, quality, and compliance vulnerabilities to commit cybercrimes against companies, resulting in financial losses and damage to the organizations' reputations. It is therefore essential for companies that develop and supply such software to understand how to identify and prioritize the issues that require immediate attention.
The literature review showed that existing studies address software risks in isolation and do not provide a consolidated view of them; there is no model to support decision-making about which risk, and which part of the software, needs to be addressed urgently.
In response to this challenge, this study set out to understand the risks involved and to explore the methods, techniques, and tools available for validating these risks in market software. After the risks were identified, these methods, techniques, and tools were applied to the software to validate that the risks were present. Once the risks were confirmed, the FAHP (fuzzy AHP) multicriteria decision support method was used to classify them, determining which part of the software and which risk should be prioritized first.
The results indicated that, among the nine software modules, the Web module (34.57%), combined with the Vulnerability risk (50.35%), needs to be prioritized. This decision support model is a contribution to decision-making, especially in the field of software engineering.
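To show how FAHP turns pairwise judgments into priority percentages like those reported above, here is an added example (not the study's code or data) implementing Buckley's geometric-mean fuzzy AHP on three hypothetical modules with constructed judgments; the same routine ranks risk types when fed a risk comparison matrix.

```python
"""Fuzzy AHP (Buckley's geometric-mean method) on triangular fuzzy numbers (l, m, u).
Constructed example, not the study's data or code: three hypothetical modules are
compared pairwise on a fuzzy Saaty scale to get crisp audit priorities."""
from math import prod

MODULES = ["Web", "API", "Batch"]  # hypothetical module names

def reciprocal(t):
    """Reciprocal of (l, m, u) is (1/u, 1/m, 1/l)."""
    l, m, u = t
    return (1.0 / u, 1.0 / m, 1.0 / l)

def build_matrix(upper, n=len(MODULES)):
    """Expand upper-triangular judgments {(i, j): tfn} into a full fuzzy matrix."""
    mat = [[(1.0, 1.0, 1.0)] * n for _ in range(n)]
    for (i, j), t in upper.items():
        mat[i][j], mat[j][i] = t, reciprocal(t)
    return mat

def fuzzy_weights(mat):
    """Buckley: w_i = r_i (x) (r_1 (+) ... (+) r_n)^-1, r_i = row geometric mean."""
    n = len(mat)
    r = [tuple(prod(row[k][c] for k in range(n)) ** (1.0 / n) for c in range(3))
         for row in mat]
    tot = [sum(t[c] for t in r) for c in range(3)]
    # dividing by a fuzzy sum swaps its lower and upper bounds
    return [(t[0] / tot[2], t[1] / tot[1], t[2] / tot[0]) for t in r]

def defuzzify(t):
    """Centre-of-area defuzzification of a triangular fuzzy number."""
    return sum(t) / 3.0

def crisp_priorities(mat):
    """Defuzzified weights, renormalised so they sum to 1."""
    crisp = [defuzzify(w) for w in fuzzy_weights(mat)]
    total = sum(crisp)
    return [c / total for c in crisp]

def rank(upper):
    """Return (name, priority) pairs, highest priority first."""
    pri = crisp_priorities(build_matrix(upper))
    return sorted(zip(MODULES, pri), key=lambda p: p[1], reverse=True)

# Constructed judgments: Web moderately more critical than API (3,4,5), strongly
# more than Batch (5,6,7); API slightly more than Batch (1,2,3).
JUDGMENTS = {(0, 1): (3.0, 4.0, 5.0), (0, 2): (5.0, 6.0, 7.0), (1, 2): (1.0, 2.0, 3.0)}

if __name__ == "__main__":
    for name, w in rank(JUDGMENTS):
        print(f"{name:6s} {w:.2%}")
```

With these constructed judgments the Web module receives roughly 69% of the priority, API about 19%, and Batch about 11%.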