Abstract
Background: Agile methods have been shown to have a negative impact on security. Several studies have investigated challenges in aligning security practices with agile methods; however, none of these have examined security challenges in the context of large-scale agile. Large-scale agile can present unique challenges, as large organizations often involve highly interdependent teams that need to align with other (non-agile) departments.

Goal: Our objective is to identify security challenges encountered in large-scale agile software development from the perspective of agile practitioners.

Method: Cooperative Method Development is applied to guide a qualitative case study at Rabobank, a Dutch multinational banking organization. A total of ten interviews is conducted with members in different agile roles from five different agile development teams. Data saturation has been obtained. By open card sorting we identify challenges pertaining to security in agile.

Results: The following challenges appear to be unique to large-scale agile: alignment of security objectives in a distributed setting, developing a common understanding of the roles and responsibilities in security activities, and integration of low-overhead security testing tools. Additional challenges reported appear to be common to security in software development in general or concur with challenges reported for small-scale agile.

Conclusions: The reported findings suggest the presence of multiple security challenges unique to large-scale agile. Future work should focus on confirming these challenges and investigating possible mitigations.

Original language | English |
---|---|
Title of host publication | ESEM '18 Proceedings of the 12th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement |
Place of Publication | New York |
Publisher | Association for Computing Machinery, Inc |
Number of pages | 4 |
ISBN (Electronic) | 9781450358231 |
ISBN (Print) | 978-1-4503-5823-1 |
Publication status | Published - 11 Oct 2018 |
Event | 12th ACM/IEEE International Conference on Empirical Software Engineering and Measurement - Oulu, Finland; Duration: 11 Oct 2018 → 12 Oct 2018; Conference number: 12; http://eseiw2018.wixsite.com/esem2018 |
Conference
Conference | 12th ACM/IEEE International Conference on Empirical Software Engineering and Measurement |
---|---|
Abbreviated title | ESEM'18 |
Country/Territory | Finland |
City | Oulu |
Period | 11/10/18 → 12/10/18 |
Keywords
- Agile software development
- Large-scale agile
- Security management