Asian Journal of Research in Computer Science

This study investigates the barriers and enablers influencing the adoption of the Risk Management Framework (RMF) in mid-sized software development enterprises through a quantitative research design. Four datasets were analyzed:  the Stack Overflow Developer Survey, ENISA Threat Landscape Reports, OpenSSF Secure Practices Survey, and Verizon’s Data Breach Investigations Report (DBIR). The study employed descriptive statistics to explore awareness patterns, exploratory factor analysis to identify latent barriers, binary logistic regression to model enablers, and independent t-tests to evaluate security performance outcomes. Findings reveal that RMF awareness is highest among DevOps Engineers and Software Architects (73.3%), yet practical adoption remains limited, with only 34.4% of Asian firms implementing RMF-aligned practices. Lack of leadership support emerged as the strongest barrier (loading = -0.58), while leadership endorsement was the most significant enabler (β = 1.1671, p < .001). Organizations that adopted RMF demonstrated 40% faster threat detection and 66% faster incident response compared to non-adopters. The study highlights the strategic role of leadership commitment, workforce training, and CI/CD pipeline integration in promoting RMF adoption. It recommends contextual RMF toolkits tailored for Agile environments, executive-level cybersecurity briefings, and role-specific certifications to accelerate adoption. By strengthening operational resilience and regulatory compliance, RMF offers a scalable pathway for mid-sized firms navigating the complexities of modern software security risks.