An empirical perspective on security challenges in large-scale agile software development

Amber van der Heijden, Cosmin Broasca, A. Serebrenik

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)

Abstract

Background: Agile methods have been shown to have a negative impact on security. Several studies have investigated challenges in aligning security practices with agile methods; however, none of these have examined security challenges in the context of large-scale agile. Large-scale agile can present unique challenges, as large organizations often involve highly interdependent teams that need to align with other (non-agile) departments.

Goal: Our objective is to identify security challenges encountered in large-scale agile software development from the perspective of agile practitioners.

Method: Cooperative Method Development is applied to guide a qualitative case study at Rabobank, a Dutch multinational banking organization. A total of ten interviews is conducted with members in different agile roles from five different agile development teams. Data saturation has been obtained. By open card sorting we identify challenges pertaining to security in agile.

Results: The following challenges appear to be unique to large-scale agile: alignment of security objectives in a distributed setting, developing a common understanding of the roles and responsibilities in security activities, and integration of low-overhead security testing tools. Additional challenges reported appear to be common to security in software development in general or concur with challenges reported for small-scale agile.

Conclusions: The reported findings suggest the presence of multiple security challenges unique to large-scale agile. Future work should focus on confirming these challenges and investigating possible mitigations.

Original language: English
Title of host publication: ESEM '18 Proceedings of the 12th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement
Place of Publication: New York
Publisher: Association for Computing Machinery, Inc
Number of pages: 4
ISBN (Electronic): 9781450358231
ISBN (Print): 978-1-4503-5823-1
Publication status: Published - 11 Oct 2018
Event: 12th ACM/IEEE International Conference on Empirical Software Engineering and Measurement - Oulu, Finland
Duration: 11 Oct 2018 → 12 Oct 2018
Conference number: 12
http://eseiw2018.wixsite.com/esem2018

Conference

Conference: 12th ACM/IEEE International Conference on Empirical Software Engineering and Measurement
Abbreviated title: ESEM'18
Country: Finland
City: Oulu
Period: 11/10/18 → 12/10/18
Keywords

  • Agile software development
  • Large-scale agile
  • Security management
