Secure Agile Software Development: Policies and Practices for Agile Teams

“…The taxonomy has helped to structure the identified secure agile practices. While our study identified eight security practices at the implementation phase, there is a published work that showed only three practices at the same phase [29]. Our taxonomy will help to improve organization's security activities as it encompasses different practices (roles, ceremonies & artefacts) rather than previous research endeavor which focused only on the security roles in a team [9].…”

“…Bezerra et. al., in [29] have grouped the agile security practices based on practitioners' assessment in a particular cyber security organization. Thus, a common finding of agile information systems development studies in the existing literature is that agile methods do sometimes comply with security requirements, but it is faced with the issues of higher cost and slower development due to inadequate agile security processes [8].…”

An Empirical Investigation of Agile Information Systems Development for Cybersecurity

“…The taxonomy has helped to structure the identified secure agile practices. While our study identified eight security practices at the implementation phase, there is a published work that showed only three practices at the same phase [29]. Our taxonomy will help to improve organization's security activities as it encompasses different practices (roles, ceremonies & artefacts) rather than previous research endeavor which focused only on the security roles in a team [9].…”

“…Bezerra et. al., in [29] have grouped the agile security practices based on practitioners' assessment in a particular cyber security organization. Thus, a common finding of agile information systems development studies in the existing literature is that agile methods do sometimes comply with security requirements, but it is faced with the issues of higher cost and slower development due to inadequate agile security processes [8].…”

An Empirical Investigation of Agile Information Systems Development for Cybersecurity

“…Additionally, we found 26 additional studies (37.6%) that present different approaches. One of these studies is oriented toward industry professionals [65], while another focuses on work teams [66], without considering the size of the company. A third study aims to identify secure software development practices that are critical for projects in companies of various sizes [67].…”

“…Considering the 14 articles that propose implementations, it is observed that 5 of these works do not provide an explicit conclusion about whether their practices are more effective or not when incorporating security measures into software development in SMEs. It is important to note, for example, that some of these works have only been validated by experts in the field of secure development, without indicating their effectiveness empirically, as evidenced in the studies by Treacy et al [71] and Bezerra et al [66]. Additionally, a study conducted by Humayun et al [72] evaluated their proposed framework using a mathematical model and a case study.…”

Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach

“…Bezerra et al 26 (Bezerra) have proposed five security policies consisting of multiple secure software development practices suitable for agile development teams. The methodology used to select these practices is to identify the practices from the existing literature, and a verification of these practices by conducting a workshop with a team of agile and security specialists.…”

Synthesizing secure software development activities for linear and agile lifecycle models