6. Research Limitations
Initially, we conducted SLR to study the relevant literature to find out the RE security practices to address the security risks faced by GSD organizations in the RE phase of the SDLC. In the conduction of SLR, the first author searched the literature with the help of a defined search string and completed the primary and final selection of the papers. In contrast, the second co-author reviewed the selection and data extraction processes. This process may be biased. To mitigate this risk, this paper’s third co-author carried out the inclusion, exclusion, quality assessment, and data extraction processes for a total of fifteen random studies selected from 121 final papers. In addition, we conducted the inter-rater reliability test with Software Engineering Research Group (University of Malakand) (SERG_UOM) experts. The findings demonstrate no major bias and that the data collected and the analysis are compatible.
As a second consideration, relevant published materials were likely overlooked throughout the data collection procedure. This shortcoming is not systematic, as our investigation includes 121 representative literature items [48, 60]. The questionnaire survey method has been implemented to conduct an empirical investigation of the identified RE security practices with the assistance of GSD industry experts in the SSD domain. When developing survey instruments, there is always the possibility of encountering a risk. This concern was mitigated by piloting and evaluating the development questionnaire with ”Software Engineering Research Group (SERG UOM) Pakistan”, ”King Fahd University of Petroleum and Minerals, Saudi Arabia”, and ”Qatar University, Doha, Qatar.”
For the third concern, the ISM approach findings are based on thirteen experts’ decisions, which may be a tiny data set. This is because these investigations are subjective, and other studies [43, 47] have also used a small data set for this analysis. As a result, the outcomes of the ISM technique are generalizable.