A Review of Security Integration Technique in Agile Software Development

Khaim, Raja; Naz, Saba; Abbas, Fakhar; Iqbal, Naila; Hamayun, Memoona

doi:10.5121/ijsea.2016.7304

Cited by 14 publications

(7 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As already stated in the introduction, security requirements are often neglected in agile projects [19,15]. A study of practitioners' posts on LinkedIn [26] shed some light on why this is the case: "People do care about security, but do not think about it", "Security requirements are often poorly defined and owned", "Security requirements get often delivered in the last minute" and "Agile techniques are vulnerable for forgetting things like security."…”

Section: Security Requirements In Agile Software Developmentmentioning

confidence: 99%

“…One obvious reason for the decline in future use intention, especially concerning questions 1 and 2 where the biggest decline is observed, is the requirement to use Protection Poker in the course, something that will not be the case for any future projects the students encounter. In the end, half (15) of the students agree that they would like to use Protection Poker in the future, while only 5 respond not wanting to use Protection Poker (question 4).…”

Section: Longed Formentioning

confidence: 99%

“…Security risk is one type of risk that software products face today. Literature reviews on software security in agile development have found that security requirements are often neglected in agile projects [19,15]. Though several approaches to agile security requirements engineering have been suggested in literature, there has been little empirical work done on evaluating how these security requirements approaches work in real life settings [26].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Understanding Challenges to Adoption of the Protection Poker Software Security Game

Tøndel

Jaatun

Cruzes

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Currently, security requirements are often neglected in agile projects. Despite many approaches to agile security requirements engineering in literature, there is little empirical research available on why there is limited adoption of these techniques. In this paper we describe a case study on challenges facing adoption of the Protection Poker game; a collaborative and lightweight software security risk estimation technique that is particularly suited for agile teams. Results show that Protection Poker has the potential to be adopted by agile teams. Key benefits identified include good discussions on security and the development project, increased knowledge and awareness of security, and contributions to security requirements. Challenges include managing discussions and the time it takes to play, ensuring confidence in the results from playing the game, and integrating results in a way that improves security of the end-product.

show abstract

Section: Security Requirements In Agile Software Developmentmentioning

confidence: 99%

Section: Longed Formentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Understanding Challenges to Adoption of the Protection Poker Software Security Game

Tøndel

Jaatun

Cruzes

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…If security is incorporated during all phases of SDLC then the resultant product will not be vulnerable to security threats. This is only possible if a secure SDLC process is followed, secure SDLC ensures that security-related activities are an integral part of the overall development effort [13][14][15][16].…”

Section: Introductionmentioning

confidence: 99%

Security Threat and Vulnerability Assessment and Measurement in Secure Software Development

Humayun¹,

Jhanjhi²,

Almufareh³

et al. 2022

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Security is critical to the success of software, particularly in today's fast-paced, technology-driven environment. It ensures that data, code, and services maintain their CIA (Confidentiality, Integrity, and Availability). This is only possible if security is taken into account at all stages of the SDLC (Software Development Life Cycle). Various approaches to software quality have been developed, such as CMMI (Capability maturity model integration). However, there exists no explicit solution for incorporating security into all phases of SDLC. One of the major causes of pervasive vulnerabilities is a failure to prioritize security. Even the most proactive companies use the "patch and penetrate" strategy, in which security is accessed once the job is completed. Increased cost, time overrun, not integrating testing and input in SDLC, usage of third-party tools and components, and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC, despite the fact that secure software development is essential for business continuity and survival in today's ICT world. There is a need to implement best practices in SDLC to address security at all levels. To fill this gap, we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines. We proposed a secure SDLC framework based on the identified practices, which integrates the best security practices in various SDLC phases. A mathematical model is used to validate the proposed framework. A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC, resulting in more secure applications.

show abstract

“…Agile development methods have gained widespread adoption in the software industry, and agile methods are now used for all types of software development and for various types of systems, including very large development projects (Dingsøyr et al, 2018). Current evidence shows that security work is often neglected in agile projects (Oueslati et al, 2015, Terpstra et al, 2017, Khaim et al, 2016, Tøndel et al, 2017, and that teams generally do not estimate security risks in an ongoing manner to inform the security requirements work (Tøndel et al, 2017). Risk management is important for making decisions on security activities in agile development, since full security analysis in every sprint is not possible (Oueslati et al, 2015).…”

Section: Introductionmentioning

confidence: 99%

Collaborative security risk estimation in agile software development

Tøndel

Jaatun

Cruzes

et al. 2019

ICS

View full text Add to dashboard Cite

Purpose Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security risk-estimation technique that is particularly suited for agile teams. Motivated by a desire to understand why security risk assessments have not yet gained widespread adoption in agile development, this study aims to assess to what extent the Protection Poker game would be accepted by agile teams and how it can be successfully integrated into the agile practices. Design/methodology/approach Protection Poker was studied in capstone projects, in teams doing a graduate software security course and in sessions with industry representatives. Data were collected via questionnaires, observations and group interviews. Findings Results show that Protection Poker has the potential to be adopted by agile teams. Key benefits include good discussions on security and the development project, along with increased knowledge and awareness. Challenges include ensuring efficient use of time and gaining impact on the end product. Research limitations/implications Using students allowed easy access to subjects and an ability to collect rich data over time, but at the cost of generalizability to professional settings. Results from interactions with professionals supplement the data from students, showing similarities and differences in their opinions on Protection Poker. Originality/value The paper proposes ways to tackle the main obstacles to the adoption of the Protection Poker technique, as identified in this study.

show abstract

A Review of Security Integration Technique in Agile Software Development

Cited by 14 publications

References 18 publications

Understanding Challenges to Adoption of the Protection Poker Software Security Game

Understanding Challenges to Adoption of the Protection Poker Software Security Game

Security Threat and Vulnerability Assessment and Measurement in Secure Software Development

Collaborative security risk estimation in agile software development

Contact Info

Product

Resources

About