Security in agile software development: A practitioner survey

dc.contributor.author Rindell Kalle
dc.contributor.author Ruohonen Jukka
dc.contributor.author Holvitie Johannes
dc.contributor.author Hyrynsalmi Sami
dc.contributor.author Leppänen Ville
dc.contributor.organization fi=ohjelmistotekniikka|en=Software Engineering|
dc.contributor.organization-code 1.2.246.10.2458963.20.71310837563
dc.contributor.organization-code 2610302
dc.converis.publication-id 50442793
dc.converis.url https://research.utu.fi/converis/portal/Publication/50442793
dc.date.accessioned 2022-10-28T12:43:05Z
dc.date.available 2022-10-28T12:43:05Z
dc.description.abstract Context: Software security engineering provides the means to define, implement and verify security in software products. Software security engineering is performed by following a software security development life cycle model or a security capability maturity model. However, agile software development methods and processes, dominant in the software industry, are viewed to be in conflict with these security practices and the security requirements. Objective: Empirically verify the use and impact of software security engineering activities in the context of agile software development, as practiced by software developer professionals. Method: A survey (N=61) was performed among software practitioners in Finland regarding their use of 40 common security engineering practices and their perceived security impact, in conjunction with the use of 16 agile software development items and activities. Results: The use of agile items and activities had a measurable effect on the selection of security engineering practices. Perceived impact of the security practices was lower than the rate of use would imply: This was taken to indicate a selection bias, caused by e.g. developers’ awareness of only certain security engineering practices, or by difficulties in applying the security engineering practices into an iterative software development workflow. Security practices deemed to have most impact were proactive and took place in the early phases of software development. Conclusion: Systematic use of agile practices conformed, and was observed to take place in conjunction with the use of security practices. Security activities were most common in the requirement and implementation phases. In general, the activities taking place early in the life cycle were also considered most impactful. A discrepancy between the level of use and the perceived security impact of many security activities was observed. This prompts research and methodological development for better integration of security engineering activities into software development processes, methods, and tools.
dc.identifier.eissn 1873-6025
dc.identifier.jour-issn 0950-5849
dc.identifier.olddbid 178459
dc.identifier.oldhandle 10024/161553
dc.identifier.uri https://www.utupub.fi/handle/11111/36000
dc.identifier.urn URN:NBN:fi-fe2021042826243
dc.language.iso en
dc.okm.affiliatedauthor Rindell, Kalle
dc.okm.affiliatedauthor Ruohonen, Jukka
dc.okm.affiliatedauthor Holvitie, Johannes
dc.okm.affiliatedauthor Leppänen, Ville
dc.okm.discipline 113 Computer and information sciences en_GB
dc.okm.discipline 113 Tietojenkäsittely ja informaatiotieteet fi_FI
dc.okm.internationalcopublication not an international co-publication
dc.okm.internationality International publication
dc.okm.type A1 ScientificArticle
dc.publisher Elsevier B.V.
dc.publisher.country Netherlands en_GB
dc.publisher.country Alankomaat fi_FI
dc.publisher.country-code NL
dc.relation.articlenumber 106488
dc.relation.doi 10.1016/j.infsof.2020.106488
dc.relation.ispartofjournal Information and Software Technology
dc.relation.volume 131
dc.source.identifier https://www.utupub.fi/handle/10024/161553
dc.title Security in agile software development: A practitioner survey
dc.year.issued 2021

Files

Name: 1-s2.0-S0950584920302305-main.pdf
Size: 1.05 MB
Format: Adobe Portable Document Format
Description: Publisher's PDF