An empirical perspective on security challenges in large-scale agile software development

Amber van der Heijden, Cosmin Broasca, A. Serebrenik

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)

Abstract

Background: Agile methods have been shown to have a negative impact on security. Several studies have investigated challenges in aligning security practices with agile methods; however, none of these have examined security challenges in the context of large-scale agile. Large-scale agile can present unique challenges, as large organizations often involve highly interdependent teams that need to align with other (non-agile) departments.

Goal: Our objective is to identify security challenges encountered in large-scale agile software development from the perspective of agile practitioners.

Method: Cooperative Method Development is applied to guide a qualitative case study at Rabobank, a Dutch multinational banking organization. A total of ten interviews is conducted with members in different agile roles from five different agile development teams. Data saturation has been obtained. By open card sorting we identify challenges pertaining to security in agile.

Results: The following challenges appear to be unique to large-scale agile: alignment of security objectives in a distributed setting, developing a common understanding of the roles and responsibilities in security activities, and integration of low-overhead security testing tools. Additional challenges reported appear to be common to security in software development in general or concur with challenges reported for small-scale agile.

Conclusions: The reported findings suggest the presence of multiple security challenges unique to large-scale agile. Future work should focus on confirming these challenges and investigating possible mitigations.

Original language: English
Title of host publication: ESEM '18 Proceedings of the 12th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement
Place of publication: New York
Publisher: Association for Computing Machinery, Inc
Number of pages: 4
ISBN (electronic): 9781450358231
ISBN (print): 978-1-4503-5823-1
Status: Published - 11 Oct 2018
Event: 12th ACM/IEEE International Conference on Empirical Software Engineering and Measurement - Oulu, Finland
Duration: 11 Oct 2018 to 12 Oct 2018
Conference number: 12
http://eseiw2018.wixsite.com/esem2018

Conference

Conference: 12th ACM/IEEE International Conference on Empirical Software Engineering and Measurement
Abbreviated title: ESEM'18
Country/Territory: Finland
City: Oulu
Period: 11/10/18 to 12/10/18