Security in Agile Software Development: A Practitioner Survey

Rindell, Kalle; Ruohonen, Jukka; Holvitie, Johannes; Hyrynsalmi, Sami; Leppänen, Ville (2020-11-20)

Post-print / Final draft

Information and Software Technology

Elsevier

School of Engineering Science

https://doi.org/10.1016/j.infsof.2020.106488
The permanent address of the publication is
https://urn.fi/URN:NBN:fi-fe2020112392293

Abstract

Context: Software security engineering provides the means to define, implement and verify security in software products. Software security engineering is performed by following a software security development life cycle model or a security capability maturity model. However, agile software development methods and processes, dominant in the software industry, are viewed to be in conflict with these security practices and the security requirements.

Objective: Empirically verify the use and impact of software security engineering activities in the context of agile software development, as practiced by software developer professionals.

Method: A survey (N=61) was performed among software practitioners in Finland regarding their use of 40 common security engineering practices and their perceived security impact, in conjunction with the use of 16 agile software development items and activities.

Results: The use of agile items and activities had a measurable effect on the selection of security engineering practices. Perceived impact of the security practices was lower than the rate of use would imply: This was taken to indicate a selection bias, caused by e.g. developers’ awareness of only certain security engineering practices, or by difficulties in applying the security engineering practices into an iterative software development workflow. Security practices deemed to have most impact were proactive and took place in the early phases of software development.

Conclusion: Systematic use of agile practices conformed, and was observed to take place in conjunction with the use of security practices. Security activities were most common in the requirement and implementation phases. In general, the activities taking place early in the life cycle were also considered most impactful. A discrepancy between the level of use and the perceived security impact of many security activities was observed. This prompts research and methodological development for better integration of security engineering activities into software development processes, methods, and tools.

Citation

Rindell, K., Ruohonen, J., Holvitie, J., Hyrynsalmi, S., Leppänen, V. (2020). Security in Agile Software Development: A Practitioner Survey. Information and Software Technology. DOI: 10.1016/j.infsof.2020.106488

LUT University
P.O. Box 20
53851 Lappeenranta