Identification and Evaluation of Security Activities in Agile Projects

Ayalew, Tigist; Kidane, Tigist; Carlsson, Bengt

doi:10.1007/978-3-642-41488-6_10

Cited by 24 publications

(17 citation statements)

References 18 publications

(32 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Description: Assign roles to individuals with expertise on QRs to assist in the documentation of QRs in ASD. Empirical evidence from the literature reveals that assigning roles to individuals with expertise in security, usability, and quality assurance have been helpful for documenting and managing QRs [17], [52], [53].…”

Section: ) Allocate Roles and Responsibilities For Documenting And Ma...mentioning

confidence: 99%

Quality Requirement Documentation Guidelines for Agile Software Development

2022

View full text Add to dashboard Cite

In agile software development (ASD), where minimal documentation and rapid delivery are the focus, Quality requirements (QRs) are often underspecified and not documented. Guidelines supporting QR documentation task are scarce. The study developed the Agile QR-Doc QR documentation guidelines, which aim to support QR documentation in ASD. We applied a design science research methodology (DSRM) to build the Agile QR-Doc. We used a survey questionnaire and open discussion with ten software practitioners, from two ASD companies to validate the Agile QR-Doc. The practitioners evaluated the guidelines in terms of usefulness, relevance, understandability, and coverage of important aspects for supporting QR documentation and their impact on the agility of the software development process. Agile QR-Doc list 12 recommendations that are grouped into two categories. The first category introduces three recommendations that focus on raising awareness about the significance of QRs, their documentation and related challenges. The second category lists nine recommendations that introduce artifacts, practices and important aspects for documenting QRs. The validation reveals the relevance, understandability and usefulness of the guidelines to support QR documentation in ASD. It also indicates that the guidelines consider important aspects for documenting QRs and that they do not negatively affect the agility of the software development process. Practitioners can utilize the practices, artifacts and knowledge from the guidelines to support QR documentation in ASD. Researchers can benefit from the knowledge on QR documentation in ASD, and application of DSRM in building artifacts.INDEX TERMS Agile software development, design science, documentation, quality requirement.

show abstract

Section: ) Allocate Roles and Responsibilities For Documenting And Ma...mentioning

confidence: 99%

Quality Requirement Documentation Guidelines for Agile Software Development

2022

View full text Add to dashboard Cite

show abstract

“…In light of this large number of practices, one might expect that all practices that we found in our study have already been included in the literature-indeed, most of them have. For example, the practice of utilizing experts in the field of security can be found in Ayalew et al (2013) and S. Türpe and Poller (2017); the practice of using mock-ups (or "low-fi prototypes") for QRs is described in Wale-Kolade et al (2014); the practice of continuous and automated monitoring and testing is discussed in Cruzes et al (2017), Cannizzo et al (2008), and Gary et al (2011); and the practice of using acceptance criteria and DoD, among others, for documenting QRs is detailed in Behutiye et al (2017). However, not all of these practices were used exactly as they were proposed in the literature, or for the exact same purpose.…”

Section: Practicesmentioning

confidence: 99%

Strategies to manage quality requirements in agile software development: a multiple case study

et al. 2021

View full text Add to dashboard Cite

Agile methods can deliver software that fulfills customer needs rapidly and continuously. Quality requirements (QRs) are important in this regard; however, detailed studies on how companies applying agile methods to manage QRs are limited, as are studies on the rationale for choosing specific QR management practices and related challenges. The aim of this study was to address why practitioners manage QRs as they do and what challenges they face. We also analyzed how existing practices mitigate some of the found challenges. Lastly, we connect the contextual elements of the companies with their practices and challenges. We conducted 36 interviews with practitioners from four companies of varying sizes. Since each company operates in different domains, comparing QR management strategies and related challenges in different contexts was possible. We found that the companies apply proactive, reactive, and interactive strategies to manage QRs. Additionally, our study revealed 40 challenges in six categories that companies applying agile methods may face in QR management. We also identified nine contextual elements that affect QR management practice choices and which, importantly, can explain many related challenges. Based on these findings, we constructed a theoretical model about the connection between context, QR management practices, and challenges. Practitioners in similar contexts can learn from the practices identified in this study. Our preliminary theoretical model can help other practitioners identify what challenges they can expect to face in QR management in different developmental contexts as well as which practices to apply to mitigate these challenges.

show abstract

“…A variety of research in secure software development suggests improvements in the development process or creating proprietary development methods [19,24,39]. With the evolution of software development methods, we see the focus of researchers shifting towards the comparison of secure development methods and integrating security into the development process or vice-versa [10,38,45,46]. Earlier work by Flechais et al [25] proposes a secure software engineering method that integrates risk and threat assessment with other project-specific parameters to provide security analysis during the development process.…”

Section: Secure Software Developmentmentioning

confidence: 99%

Secure Software Engineering in the Financial Services: A Practitioners' Perspective

Arora¹,

Vargas²,

Aniche³

et al. 2021

Preprint

View full text Add to dashboard Cite

Secure software engineering is a fundamental activity in modern software development. However, while the field of security research has been advancing quite fast, in practice, there is still a vast knowledge gap between the security experts and the software development teams. After all, we cannot expect developers and other software practitioners to be security experts. Understanding how software development teams incorporate security in their processes and the challenges they face is a step towards reducing this gap. In this paper, we study how financial services companies ensure the security of their software systems. To that aim, we performed a qualitative study based on semi-structured interviews with 16 software practitioners from 11 different financial companies in three continents. Our results shed light on the security considerations that practitioners take during the different phases of their software development processes, the different security practices that software teams make use of to ensure the security of their software systems, the improvements that practitioners perceive as important in existing state-of-the-practice security tools, the different knowledge-sharing and learning practices that developers use to learn more about software security, and the challenges that software practitioners currently face when it comes to secure their systems.

show abstract

Identification and Evaluation of Security Activities in Agile Projects

Cited by 24 publications

References 18 publications

Quality Requirement Documentation Guidelines for Agile Software Development

Quality Requirement Documentation Guidelines for Agile Software Development

Strategies to manage quality requirements in agile software development: a multiple case study

Secure Software Engineering in the Financial Services: A Practitioners' Perspective

Contact Info

Product

Resources

About