Introducing a Novel Security-Enhanced Agile Software Development Process

Abstract: In this paper, a novel security-enhanced agile software development process, SEAP, is introduced. It has been designed, tested, and implemented at Ericsson AB, specifically in the development of a mobile money transfer system. Two important features of SEAP are 1) that it includes additional security competences, and 2) that it includes the continuous conduction of an integrated risk analysis for identifying potential threats. As a general finding of implementing SEAP in software development, the developers so… Show more

“…It is also worth to notice that all of the classes target the user's privacy. Some harmful effects attributed to spyware are presented by Boldt et al [23]. The authors mention four main categories of risks posed by spyware: consumption of system capacity (processing) and consumption of bandwidth can cause availability problems; Security issues and privacy issues, such as user's information (credentials, e-mail addresses) leakage through covert communications violate the principle of confidentiality.…”

“…Saroiu et al [128] defines (sometimes overlapping) subclasses to spyware that are based on their expected behavior. Boldt et al [23] classifies spyware according to the risk they pose to the security principles of availability and confidentiality.…”

Malware behavior

“…It is also worth to notice that all of the classes target the user's privacy. Some harmful effects attributed to spyware are presented by Boldt et al [23]. The authors mention four main categories of risks posed by spyware: consumption of system capacity (processing) and consumption of bandwidth can cause availability problems; Security issues and privacy issues, such as user's information (credentials, e-mail addresses) leakage through covert communications violate the principle of confidentiality.…”

“…Saroiu et al [128] defines (sometimes overlapping) subclasses to spyware that are based on their expected behavior. Boldt et al [23] classifies spyware according to the risk they pose to the security principles of availability and confidentiality.…”

Malware behavior

The Current State of Security Governance and Compliance in Large-Scale Agile Development: A Systematic Literature Review and Interview Study