Towards secure agile software development process: a practice-based model

Ardo, A; Bass, J; Gaber, TMA

Abstract

Agile methods are a well-established paradigm in the software development field. Agile adoption has contributed to improving software quality. However, software products are vulnerable to security challenges and susceptible to cyberattacks. This study aims to improve the security of software products when using an agile software development process. A multi-methods qualitative research approach was adopted in this study. First, we conducted semi-structured interviews with 23 agile practitioners with varied years of cybersecurity experience. An approach informed by grounded theory methodology was adopted for data analysis. Second, we developed a novel practice-based agile software development process model derived from the results of that data analysis. Third, we validated the model through a focus group comprising five senior agile cybersecurity professionals to evaluate its relevance and novelty. The study identified 26 security practices, organized into the six software development life-cycle phases: planning, requirements, design, implementation, testing, and deployment. We mapped the practices onto four swim lanes, each representing an agile role. The self-organizing team is exclusively involved in three security practices, the security specialist in nine, the penetration tester in one, and the DevOps team collaborates on one with the security specialist. There are also seven practices that are performed collaboratively by the self-organizing team and the security specialist. Each of the practices in the model was examined during the validation phase of the study. This study makes two contributions. First, the paper proposes a novel practice-based model comprising 26 security practices mapped to agile roles. Second, we propose a new practice, in response to an observed lack of collaborative ceremonies, to disseminate awareness of, and hence compliance with, security standards.

Citation

Ardo, A., Bass, J., & Gaber, T. (2022). Towards secure agile software development process: a practice-based model. In 2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA). https://doi.org/10.1109/SEAA56994.2022.00031

Conference Name: 2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)
Conference Location: Gran Canaria, Spain
Start Date: Aug 31, 2022
End Date: Sep 2, 2022
Acceptance Date: May 31, 2022
Online Publication Date: Jan 16, 2022
Publication Date: Aug 31, 2022
Deposit Date: Jan 26, 2023
Publicly Available Date: Mar 29, 2024
Publisher: Institute of Electrical and Electronics Engineers
Book Title: 2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)
DOI: https://doi.org/10.1109/SEAA56994.2022.00031
Additional Information: Event Type: Conference
Projects: Secure Agile Software Development in the Nigerian Oil & Gas Sector