Synthesizing secure software development activities for linear and agile lifecycle models

Alenezi, Mamdouh; Basit, Hamid Abdul; Beg, Maham Anwar; Shaukat, Muhammad Saad

doi:10.1002/spe.3072

Cited by 6 publications

(4 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is a very novel aspect as it simultaneously integrates the teaching of agility and creativity. It is aimed to be used as an educational resource in training centers and software companies, to teach or improve their agile processes such as computer auditing, 50 scientific software projects, 51 computer security, 52 and perhaps one day in quantum computing when it is more developed 53 . It is considered a serious game as it incorporates a number of game design elements and techniques, using them outside the gaming context and allowing companies to achieve business benefits 18 …”

Section: Description Of the Educational Resourcementioning

confidence: 99%

DesignScrum–An agility educational resource powered by creativity

Villarrubia,

Vara,

Granada

et al. 2024

Softw Pract Exp

View full text Add to dashboard Cite

Agile methods have been widely adopted by the industry and its teaching has seen a surge, particularly in the software development field. However, these methods have a number of limitations which affect product outcomes, such as the fact that many software development companies now use Scrum to get developers to work without interruption between iterations, rather than to maintain a sustainable rhythm. Agile experts have stated the importance of incorporating creativity into Scrum, and although there are several agile resources that help with the learning process, it seems essential to approach such learning from a practical point of view. Furthermore, none of these resources introduce creativity. In this paper, we present an educational resource in the form of a serious game that allows you to acquire all the key concepts of agile and creative methods. The game is based on the use of LEGO pieces to simulate a real project, applying the key concepts of the Scrum and Design Thinking frameworks in a gamified way. It was assessed in a professional training centre of computer science by using surveys through which participants evaluated their previous knowledge of agile and creativity methods. We analysed the improvement of these competences, as well as the general level of satisfaction with the game. After the game, the results showed that the participants' knowledge of the Scrum and Design Thinking frameworks had improved and that they were very satisfied with the whole experience.

show abstract

Section: Description Of the Educational Resourcementioning

confidence: 99%

DesignScrum–An agility educational resource powered by creativity

Villarrubia,

Vara,

Granada

et al. 2024

Softw Pract Exp

View full text Add to dashboard Cite

show abstract

“…This study also contributes to research on the relationship between software engineering and security engineering by exploring the links between the two disciplines and their impact on the industry. 57 Synthesizing secure software development activities for linear and agile lifecycle models [123] In this article, an analysis and synthesis of software security best practices present in widely recognized security models is performed. Commonalities and variations in the best practices proposed for different phases of secure software development according to these models are identified.…”

Section: N Article Citementioning

confidence: 99%

Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach

Valdés-Rodríguez,

Hochstetter-Diez,

Diéguez-Rebolledo

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Incorporating security into software development in small and medium-sized enterprises (SMEs) is an increasingly relevant challenge and a crucial necessity, especially in an uncertain and fast-paced environment like that of an agile setting. Given the growing threat of cyberattacks, it is imperative to address this issue. This article examines and subsequently analyzes existing strategies in the literature regarding secure software development in the context of SMEs employing agile methodologies. The study initiates a systematic literature review to identify strategies employed in this context. The findings reveal that 57.9% of the studies present strategies to tackle security in agile software development, with 20.2% specifically focusing on SMEs. Subsequently, practices demonstrating success in integrating security measures into the software development lifecycle (SDLC) are analyzed and categorized. The results underscore the necessity of addressing security in the agile environment, as it remains a significant challenge in software development. Effective approaches are also required for small businesses to ensure application protection and long-term sustainability.INDEX TERMS agile development; security practices; secure development; SMEs; sustainability

show abstract

“…They also demonstrated why it is not the only security measures that must be implemented. Alenezi et al [14] synthesized security best practices presented by security models for linear and agile development lifecycles. This synthesis is geared toward providing a single unified source of knowledge about security best practices for software engineers.…”

Section: Related Workmentioning

confidence: 99%

“…It is made available through the MediaWiki platform to assist practitioners in defending against security attacks and dealing with security errors in an appropriate manner. White [14] identified the need for a holistic approach to IoT security and identified causes for IoT insecurity such as secure SDLC adoption (including SDPs,), organizational/human psychology, and security challenges due to the nature of IoT.…”

Section: Related Workmentioning

confidence: 99%

Exploring How to Apply Secure Software Design Principles

Ebad

2022

IEEE Access

View full text Add to dashboard Cite

Secure design principles (SDPs) are employed to be a solution against many types of attacks. However, it has been shown that software developers are not familiar with the notion of SDPs or do not know how to implement them in the design stage. This paper tries to bridge this gap by applying SDPs to a real-world software project, electronic promotion system (ePS), and commenting on the contribution of each SDP. Saltzer and Schroeder's eight principles, along with three additional principles proposed by others, are chosen to be applied to ePS. The results indicate that most of the principles enumerated here were instrumental and applied in the ePS's design. Most of the eleven SDPs, economy of mechanism, fail-safe defaults, least privilege, least common mechanisms, sound authentication, defense in depth, and input validation were implemented on ePS to a great extent. Others, namely separation of privileges and psychological acceptability, were applied to a limited extent. The remaining two principles, complete mediation and open design, did not play a vital role, as ePS by itself satisfies these two principles. Some contradictions and interrelations among the SDPs when they were applied were also debated. Taking into account the integration of ePS with other enterprise systems in the same organization, it was felt placing SDPs in a general context would be beneficial and sufficient. This work will bridge the gap between software practitioners and state-of-the-art research on software SDPs.

show abstract

Synthesizing secure software development activities for linear and agile lifecycle models

Cited by 6 publications

References 28 publications

DesignScrum–An agility educational resource powered by creativity

DesignScrum–An agility educational resource powered by creativity

Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach

Exploring How to Apply Secure Software Design Principles

Contact Info

Product

Resources

About