
A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams

Abstract

Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the organization. In the Agile software development world, a security engineering process is unacceptable if it is perceived to run counter to the agile values, and agile teams have thus approached software security activities in their own way. Improving security within agile settings requires that management understand the current practices of software security activities within their agile teams. In this study, the authors have used a survey instrument to investigate software security usage, competence, and training needs in two agile organizations. They find that (1) the two organizations perform differently in terms of core software security activities, but are similar when secondary activities that could be leveraged for security are considered; (2) regardless of cost or benefit, skill drives the kind of activities that are performed; (3) secure design is expressed as the most important training need by all groups in both organizations; and (4) effective software security adoption in agile settings is not automatic; it requires a driver.

Category

Academic article

Client

  • Research Council of Norway (RCN) / 247678

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software Engineering, Safety and Security

Year

2017

Published in

International Journal of Secure Software Engineering (IJSSE)

ISSN

1947-3036

Publisher

IGI Global

Volume

8

Issue

1
