Agile Development of Secure Software for Small and Medium-Sized Enterprises

Author:

Mihelič AnžeORCID,Vrhovec SimonORCID,Hovelja Tomaž

Abstract

Although agile methods gained popularity and became globally widespread, developing secure software with agile methods remains a challenge. Method elements (i.e., roles, activities, and artifacts) that aim to increase software security on one hand can reduce the characteristic agility of agile methods on the other. The overall aim of this paper is to provide small- and medium-sized enterprises (SMEs) with the means to improve the sustainability of their software development process in terms of software security despite their limitations, such as low capacity and/or financial resources. Although software engineering literature offers various security elements, there is one key research gap that hinders the ability to provide such means. It remains unclear not only how much individual security elements contribute to software security but also how they impact the agility and costs of software development. To address the gap, we identified security elements found in the literature and evaluated them for their impact on software security, agility, and costs in an international study among practitioners. Finally, we developed a novel lightweight approach for evaluating agile methods from a security perspective. The developed approach can help SMEs to adapt their software development to their needs.

Funder

Faculty of criminal justice and security, University of Maribor

Publisher

MDPI AG

Subject

Management, Monitoring, Policy and Law,Renewable Energy, Sustainability and the Environment,Geography, Planning and Development,Building and Construction

Cited by 11 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. Large-scale agile security practices in software engineering;Information & Computer Security;2024-09-11

2. Evolution of secure development lifecycles and maturity models in the context of hosted solutions;Journal of Software: Evolution and Process;2024-07-30

3. Practical Sustainable Software Development in Architectural Flexibility for Energy Efficiency Using the Extended Agile Framework;Sustainability;2024-07-04

4. Agile Security Strategies;Advances in Information Security, Privacy, and Ethics;2024-06-30

5. Ensino da Adequação à LGPD no Desenvolvimento de Software através da Aprendizagem Ativa e Centrada no Discente;Anais do IV Simpósio Brasileiro de Educação em Computação (EDUCOMP 2024);2024-04-22

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3