Agile Software Development

Nicolaysen, Torstein; Sassoon, Richard; Line, Maria B.; Jaatun, Martin Gilje

doi:10.4018/jsse.2010070105

Cited by 13 publications

(10 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Consistent with the Errata survey, Nicolaysen et al [9] found that very few of the companies were utilizing methodologies for creating secure software. The developers had no formal training in developing secure software and very few were concerned about security.…”

Section: A Software Security In Norwegian Organizationsmentioning

confidence: 87%

“…Two studies have recently been conducted to determine the state of practice in Norwegian organizations with regard to security. Nicolaysen et al [9] studied the software security initiatives of six companies using agile software development methodologies and Jaatun et al [10] studied 20 public Norwegian organizations developing software.…”

Section: A Software Security In Norwegian Organizationsmentioning

confidence: 99%

See 1 more Smart Citation

OWASP Top 10 - Do Startups Care?

Søhoel¹,

Jaatun

Boyd³

2018

2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

Self Cite

View full text Add to dashboard Cite

In a cut-throat world where time-to-market can be the difference between success and failure, it can be tempting for startups to think "let's get it to work first, and then we'll worry about security later." However, major security flaws have killed more than one startup. This paper studies a small sample of 5 IT startups that offer services via the web, to determine to what extent they are aware of and can handle the OWASP top 10 threats.

show abstract

Section: A Software Security In Norwegian Organizationsmentioning

confidence: 87%

Section: A Software Security In Norwegian Organizationsmentioning

confidence: 99%

OWASP Top 10 - Do Startups Care?

Søhoel¹,

Jaatun

Boyd³

2018

2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

Self Cite

View full text Add to dashboard Cite

show abstract

“…d) ASD teams can assist customers in recognizing the importance and value of QRs, since customers in some domains may overlook important QRs or may not have adequate knowledge about QRs [40]. For instance, customers in the energy domain may overlook important QRs such as security [41]. Related Work: [5], [6], [8], [10], [30], [38]- [41] 2) RECOGNIZE THE NEED FOR OPTIMAL DOCUMENTATION OF QRs Description: Agile teams should acknowledge the need for optimal documentation of QRs (i.e., a satisfactory level of QR documentation that will not compromise agility and product quality).…”

Section: ) Recognize the Significance Of Qrsmentioning

confidence: 99%

“…For instance, customers in the energy domain may overlook important QRs such as security [41]. Related Work: [5], [6], [8], [10], [30], [38]- [41] 2) RECOGNIZE THE NEED FOR OPTIMAL DOCUMENTATION OF QRs Description: Agile teams should acknowledge the need for optimal documentation of QRs (i.e., a satisfactory level of QR documentation that will not compromise agility and product quality). They should take actions to meet the need for optimal documentation of QRs and start documenting QRs at early stages.…”

Section: ) Recognize the Significance Of Qrsmentioning

confidence: 99%

See 1 more Smart Citation

Quality Requirement Documentation Guidelines for Agile Software Development

2022

View full text Add to dashboard Cite

In agile software development (ASD), where minimal documentation and rapid delivery are the focus, Quality requirements (QRs) are often underspecified and not documented. Guidelines supporting QR documentation task are scarce. The study developed the Agile QR-Doc QR documentation guidelines, which aim to support QR documentation in ASD. We applied a design science research methodology (DSRM) to build the Agile QR-Doc. We used a survey questionnaire and open discussion with ten software practitioners, from two ASD companies to validate the Agile QR-Doc. The practitioners evaluated the guidelines in terms of usefulness, relevance, understandability, and coverage of important aspects for supporting QR documentation and their impact on the agility of the software development process. Agile QR-Doc list 12 recommendations that are grouped into two categories. The first category introduces three recommendations that focus on raising awareness about the significance of QRs, their documentation and related challenges. The second category lists nine recommendations that introduce artifacts, practices and important aspects for documenting QRs. The validation reveals the relevance, understandability and usefulness of the guidelines to support QR documentation in ASD. It also indicates that the guidelines consider important aspects for documenting QRs and that they do not negatively affect the agility of the software development process. Practitioners can utilize the practices, artifacts and knowledge from the guidelines to support QR documentation in ASD. Researchers can benefit from the knowledge on QR documentation in ASD, and application of DSRM in building artifacts.INDEX TERMS Agile software development, design science, documentation, quality requirement.

show abstract

Understanding Challenges to Adoption of the Protection Poker Software Security Game

Tøndel

Jaatun

Cruzes

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Currently, security requirements are often neglected in agile projects. Despite many approaches to agile security requirements engineering in literature, there is little empirical research available on why there is limited adoption of these techniques. In this paper we describe a case study on challenges facing adoption of the Protection Poker game; a collaborative and lightweight software security risk estimation technique that is particularly suited for agile teams. Results show that Protection Poker has the potential to be adopted by agile teams. Key benefits identified include good discussions on security and the development project, increased knowledge and awareness of security, and contributions to security requirements. Challenges include managing discussions and the time it takes to play, ensuring confidence in the results from playing the game, and integrating results in a way that improves security of the end-product.

show abstract

Agile Software Development

Cited by 13 publications

References 12 publications

OWASP Top 10 - Do Startups Care?

OWASP Top 10 - Do Startups Care?

Quality Requirement Documentation Guidelines for Agile Software Development

Understanding Challenges to Adoption of the Protection Poker Software Security Game

Contact Info

Product

Resources

About