ABSTRACT

Systematic mapping is a methodology that is frequently used in medical research and, more recently, in software engineering, but it is largely neglected in security engineering. Security engineering focuses on security aspects throughout the software development life cycle and aims at protecting information and systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction. A systematic mapping study (SMS) provides a "map" of a research area by classifying papers and results into relevant categories and counting the frequency of work in each of those categories. This chapter provides background on systematic mapping studies in software engineering, overviews the published systematic mapping studies in security engineering, and presents guidelines for SMSs in security engineering aligned with the phases for conducting systematic mapping. The SMS approach in software engineering is based on a process presented in a recent comprehensive book on evidence-based software engineering, which takes into account experiences from earlier processes, both more generic and more specific ones.