Towards a Conceptual Framework for Security Requirements Work in Agile Software Development-Reference-Cited by-同舟云学术

Towards a Conceptual Framework for Security Requirements Work in Agile Software Development

Published:2020-01 Issue:1 Volume:11 Page:33-62
ISSN:2640-4265
Container-title:International Journal of Systems and Software Security and Protection
language:en
Short-container-title:

Author:

Tøndel Inger Anne¹^ORCID,Jaatun Martin Gilje²^ORCID

Affiliation:

1. Department of Computer Science, Norwegian University of Science and Technology (NTNU), Trondheim, Norway & SINTEF Digital, Trondheim, Norway

2. SINTEF Digital, Oslo, Norway

Abstract

Security requirement work plays a key role in achieving cost-effective and adequate security in a software development project. Knowledge about software companies' experiences of security requirement work is important in order to bridge the observed gap between software security practices and security risks in many projects today. Particularly, such knowledge can help researchers improve on available practices and recommendations. This article uses the results of published empirical studies on security requirement work to create a conceptual framework that shows key concepts related to work context, this work itself and the effects of this work. The resulting framework points to the following research challenges: 1) Identifying and understanding factors important for the effect of security requirements work; 2) Understanding what is the importance of the chosen requirements approach itself, and; 3) Properly taking into account contextual factors, especially factors related to individuals and interactions, in planning and analysis of empirical studies on security requirements work.

Publisher

IGI Global

Subject

General Engineering

Reference51 articles.

1. Towards a Secure Agile Software Development Process

2. Quality Requirements in Large-Scale Distributed Agile Projects – A Systematic Literature Review

3. Security Planning and Refactoring in Extreme Programming

4. A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting

5. Baca, D., & Carlsson, B. (2011). Agile development with security engineering activities. In Proceedings of the 2011 international conference on software and systems process (pp. 149–158). Academic Press.

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach;IEEE Access;2024

2. A Narrative Review of Factors Affecting the Implementation of Privacy and Security Practices in Software Development;ACM Computing Surveys;2023-07-17

3. Identifying Key Activities, Artifacts and Roles in Agile Engineering of Secure Software with Hierarchical Clustering;Applied Sciences;2023-04-04

4. Agile Development of Secure Software for Small and Medium-Sized Enterprises;Sustainability;2023-01-02

5. Continuous software security through security prioritisation meetings;Journal of Systems and Software;2022-12