Practitioners' Perspectives on Security in Agile Development

Practitioners' Perspectives on Security in Agile Development

Agile methods are widely employed to develop high-quality software, but theoretical analyses argue that agile methods are inadequate for security-critical projects. However, most agile-developed software today needs to satisfy baseline security requirements, so that we need to focus on how to achiev...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: Bartsch, S.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Agile development
Companies
Context
Developer awareness
Documentation
Empirical study
Interviews
Programming
Secure software development
Security
Security requirements
Software
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Agile methods are widely employed to develop high-quality software, but theoretical analyses argue that agile methods are inadequate for security-critical projects. However, most agile-developed software today needs to satisfy baseline security requirements, so that we need to focus on how to achieve this this level for typical agile projects. In this paper, we provide insights from the practitioner's perspective on security in agile development and report on exploratory, qualitative findings from interviews. Our findings extend the theoretical prior work and suggest to focus on adequate customer involvement, developer security awareness and expertise, and continuously improving the development process for security.
DOI:10.1109/ARES.2011.82