Cristin result ID: 2023480
Last modified: 11 October 2022, 13:44
NVI reporting year: 2022
Result
Academic article
2022

Influencing the security prioritisation of an agile software development project

Contributors:
  • Inger Anne Tøndel
  • Daniela Soares Cruzes
  • Martin Gilje JAATUN and
  • Guttorm Sindre

Journal

Computers & Security
ISSN 0167-4048
e-ISSN 1872-6208
NVI level 1

About the result

Academic article
Year of publication: 2022
Published online: 2022
Volume: 118
Article number: 102744
Open Access

Import sources

Scopus-ID: 2-s2.0-85129473962

Description

Title

Influencing the security prioritisation of an agile software development project

Abstract

Software security is a complex topic, and for development projects it can be challenging to assess what security is necessary and cost-effective. Agile Software Development (ASD) values self-management. Thus, teams and their Product Owners are expected to also manage software security prioritisation. In this paper we build on the notion that security experts who want to influence the priority given to security in ASD need to do this through interactions and support for teams rather than prescribing certain activities or priorities. But to do this effectively, there is a need to understand what hinders and supports teams in prioritising security. Based on a longitudinal case study, this article offers insight into the strategy used by one security professional in an SME to influence the priority of security in software development projects in the company. The main result is a model of influences on security prioritisation that can assist in understanding what supports or hinders the prioritisation of security in ASD, thus providing recommendations for security professionals. Two alternative strategies are outlined for software security in ASD – prescribed and emerging – where we hypothesise that an emerging approach can be more relevant for SMEs doing ASD, and that this can impact how such companies should consider software security maturity.

Contributors

Inger Anne Tøndel

  • Affiliated:
    Author
    at Institutt for datateknologi og informatikk, Norges teknisk-naturvitenskapelige universitet

Daniela Soares Cruzes

  • Affiliated:
    Author
    at Software Engineering, Safety and Security, SINTEF AS
  • Affiliated:
    Author
    at Institutt for datateknologi og informatikk, Norges teknisk-naturvitenskapelige universitet
Active Cristin person

Martin Gilje Jaatun

The contributor's name is shown on this result as Martin Gilje JAATUN
  • Affiliated:
    Author
    at Software Engineering, Safety and Security, SINTEF AS

Guttorm Sindre

  • Affiliated:
    Author
    at Institutt for datateknologi og informatikk, Norges teknisk-naturvitenskapelige universitet