Identifying Key Activities, Artifacts and Roles in Agile Engineering of Secure Software with Hierarchical Clustering-Reference-Cited by-同舟云学术

Identifying Key Activities, Artifacts and Roles in Agile Engineering of Secure Software with Hierarchical Clustering

Published:2023-04-04 Issue:7 Volume:13 Page:4563
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Mihelič Anže¹²^ORCID,Hovelja Tomaž²^ORCID,Vrhovec Simon¹^ORCID

Affiliation:

1. Faculty of Criminal Justice and Security, University of Maribor, 1000 Ljubljana, Slovenia

2. Faculty of Computer and Information Science, University of Ljubljana, 1000 Ljubljana, Slovenia

Abstract

Different activities, artifacts, and roles can be found in the literature on the agile engineering of secure software (AESS). The purpose of this paper is to consolidate them and thus identify key activities, artifacts, and roles that can be employed in AESS. To gain initial sets of activities, artifacts, and roles, the literature was first extensively reviewed. Activities, artifacts, and roles were then cross-evaluated with similarity matrices. Finally, similarity matrices were converted into distance matrices, enabling the use of Ward’s hierarchical clustering method for consolidating activities, artifacts, and roles into clusters. Clusters of activities, artifacts, and roles were then named as key activities, artifacts, and roles. We identified seven key activities (i.e., security auditing, security analysis and testing, security training, security prioritization and monitoring, risk management, security planning and threat modeling; and security requirements engineering), five key artifacts (i.e., security requirement artifacts, security repositories, security reports, security tags, and security policies), and four key roles (i.e., security guru, security developer, penetration tester, and security team) in AESS. The identified key activities, artifacts, and roles can be used by software development teams to improve their software engineering processes in terms of software security.

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science

Link

https://www.mdpi.com/2076-3417/13/7/4563/pdf

Reference70 articles.

1. Beyond the agile methods: A diagnostic tool to support the development of hybrid models;Bianchi;Int. J. Manag. Proj. Bus.,2021

2. Security in agile software development: A practitioner survey;Rindell;Inf. Softw. Technol.,2021

3. Adelyar, S.H., and Norta, A. (2016, January 6–9). Towards a Secure Agile Software Development Process. Proceedings of the 10th International Conference on the Quality of Information and Communications Technology (QUATIC), Lisbon, Portugal.

4. Pohl, C., and Hof, H.J. (2015, January 23–28). Secure Scrum: Development of Secure Software with Scrum. Proceedings of the The Ninth International Conference on Emerging Security Information, Systems and Technologies Secure, Venice, Italy.

5. Beck, K., Beedle, M., van Bennekum, A., Cockburn, A., Cunningham, W., Fowler, M., Grenning, J., Highsmith, J., Hunt, A., and Jeffries, R. (2001). Manifesto for Agile Software Development.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Evolution of secure development lifecycles and maturity models in the context of hosted solutions;Journal of Software: Evolution and Process;2024-07-30