Towards secure agile software development process: a practice-based model

Ardo, A, Bass, J and Gaber, TMA 2022, Towards secure agile software development process: a practice-based model, in: 2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 31 August 2022 - 02 September 2022, Gran Canaria, Spain.



Agile methods are a well-established paradigm in the software development field. Agile adoption has contributed to improving software quality. However, software products are vulnerable to security challenges and susceptible to cyberattacks. This study aims to improve the security of software products developed using an agile software development process. A multi-methods qualitative research approach was adopted in this study. First, we conducted semi-structured interviews with 23 agile practitioners with varied years of cybersecurity experience. An approach informed by grounded theory methodology was adopted for data analysis. Second, we developed a novel practice-based agile software development process model derived from the results of the data analysis. Third, we validated the model through a focus group comprising five senior agile cybersecurity professionals, who evaluated its relevance and novelty. The study identified 26 security practices, organized into the six software development life-cycle phases: planning, requirements, design, implementation, testing, and deployment. We mapped the practices onto four swim lanes, each representing an agile role. The self-organizing team is exclusively involved in three security practices, the security specialist in nine, the penetration tester in one, and the DevOps team collaborates on one with the security specialist. There are also seven practices performed collaboratively by the self-organizing team and the security specialist. Each practice in the model was examined during the validation phase of the study. This study makes two contributions. First, the paper proposes a novel practice-based model comprising 26 security practices mapped to agile roles. Second, we propose a new practice, in response to an observed lack of collaborative ceremonies, to disseminate awareness of, and hence compliance with, security standards.

Item Type: Conference or Workshop Item (Paper)
Schools: Schools > School of Computing, Science and Engineering
Publisher: Institute of Electrical and Electronics Engineers
Funders: Petroleum Technology Development Fund (PTDF) Nigeria
Depositing User: ABDULHAMID ALIYU Ardo
Date Deposited: 26 Jan 2023 12:37
Last Modified: 26 Jan 2023 12:45
