Assessing the Methods and Difficulties of Incorporating Software Security Testing into System Development Process in Tanzania's Public Sector
Abstract:
In recent years, the public sector in Tanzania, like many others globally, has continued to embrace digital transformation, modernizing online public services and improving government operations. The complexity and interconnectedness of these systems, however, raise concerns about their exposure to cyber threats, because security testing is often neglected during development. This oversight can lead to the deployment of systems with security flaws that compromise data, disrupt services, and erode public trust. While previous studies have examined integrating security into the software development life cycle, none has specifically evaluated the challenges of embedding security testing into public sector systems. This study fills that gap by examining current practices and the challenges of integrating security testing early in the development life cycle within Tanzania's public sector. Using a mixed-methods approach, survey data were collected from 104 ICT managers, security officers, software developers, and systems administrators and analysed with descriptive statistics, focusing on reported practices and perceptions. The findings reveal that only 6.7% of public organizations have fully integrated security testing, while over 38% report little to no integration, a gap that leaves systems exposed to cyber threats. Satisfaction with current security testing integration is low, with over 60% of respondents dissatisfied, indicating substantial difficulty in implementing effective practices. Key obstacles identified include a lack of skilled personnel, inadequate resources, time constraints, and insufficient management support, pointing to a need for targeted interventions. The study closes with recommendations for addressing these gaps.
Keywords:
Software Security, Software Development, Software Testing, Public Sector