Repository home
- Search
- Browse
  - Author
  - Division
  - Year
  - Funder
  - Journal
- Login
- - Repository Statistics
- Contact us
- Find out more

Towards secure agile software development process: a practice-based model

Ardo, A, Bass, J ORCID: https://orcid.org/0000-0002-0570-7086 and Gaber, TMA ORCID: https://orcid.org/0000-0003-4065-4191 2022, Towards secure agile software development process: a practice-based model , in: 2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA),, 31 August 2022 - 02 September 2022, Gran Canaria, Spain.

	PDF - Published Version Restricted to Repository staff only Download (322kB) \| Request a copy
	PDF - Accepted Version Restricted to Repository staff only Download (292kB) \| Request a copy

Official URL: https://doi.org/10.1109/SEAA56994.2022.00031

Abstract

Agile methods are a well-established paradigm in the software development field. Agile adoption has contributed to improving software quality. However, software products are vulnerable to security challenges and susceptible to cyberattacks. This study aims to improve security of software products when using an agile software development process. A multi-methods qualitative research approach was adopted in this study. First, we conducted semi-structured interviews with 23 agile practitioners having varied years of cybersecurity experiences. An approach informed by grounded theory methodology was adopted for data analysis. Second, we developed a novel practice-based agile software development process model derived from the results of the data analysis conducted. Third, we validated the model through a focus group comprising five senior agile cybersecurity professionals to evaluate its relevancy and novelty. The study has identified 26 security practices, organized into the six - software development life-cycle phases: planning, requirements, design, implementation, testing, and deployment. We have mapped the practices onto four swim lanes each representing an agile role. The self-organizing team is exclusively involved in three security practices, the security specialist in nine, penetration tester in one and the DevOps team collaborates on one with the security specialist. There are also seven practices that are collaboratively performed by the self-organizing team and the security specialist. Each of the practices in the model was examined during the validation phase of the study. There are two contributions in this study. First, the paper proposes a novel practice-based model comprising of 26 security practices mapped to agile roles. Second, we propose a new practice, in response to an observed lack of collaborative ceremonies, to disseminate awareness of and hence compliance with security standards.

Item Type:	Conference or Workshop Item (Paper)
Schools:	Schools > School of Computing, Science and Engineering
Publisher:	Institute of Electrical and Electronics Engineers
Funders:	Petroleum Technology Development Fund (PTDF) Nigeria
Depositing User:	ABDULHAMID ALIYU Ardo
Date Deposited:	26 Jan 2023 12:37
Last Modified:	26 Jan 2023 12:45
URI:	https://usir.salford.ac.uk/id/eprint/66211

Actions (login required)

Edit record (repository staff only)

Tools

Altmetric

CORE (COnnecting REpositories) related articles