Adoption of Information Security Practices in Large-Scale Agile Software Development: A Case Study in the Finance Industry

Sascha Nägele, Lorena Korn, Florian Matthes

Publication: Contribution to book/report/conference proceedings › Conference contribution › Peer-reviewed

1 citation (Scopus)

Abstract

Agile development methods have pervaded software engineering and are increasingly applied in large projects and organizations. At the same time, security threats and restrictive legislation regarding security and privacy are steadily rising. These two trends, agile software development at scale and increasingly important security requirements, are often at odds with each other. Academic literature widely acknowledges the challenges arising from this and discusses approaches to integrate these two partly conflicting trends. However, several researchers point out a need for empirical studies and evaluations of these approaches in practice. To fill this research gap, we conducted a case study in the finance industry. We identified 27 agile security approaches in academic literature. Based on these theoretical findings, we carried out observations, document analysis, and unstructured interviews to identify which approaches the case company applies. We then conducted semi-structured interviews with 10 experts and a survey with 62 participants to evaluate 14 approaches. One of the key results is that role and knowledge approaches, such as dedicated security roles and communities, are especially important in scaled agile development environments. In addition, the most beneficial security activities are those that are easy to integrate, such as a security tagging system, peer security code reviews, security stories, and threat poker. We also contribute evaluation criteria as well as drivers and obstacles for the adoption of agile security approaches that can be used for further research and practice.

Original language: English
Title: ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings
Publisher: Association for Computing Machinery
ISBN (electronic): 9798400707728
Publication status: Published - 29 Aug 2023
Event: 18th International Conference on Availability, Reliability and Security, ARES 2023 - Benevento, Italy
Duration: 29 Aug 2023 - 1 Sept 2023

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 18th International Conference on Availability, Reliability and Security, ARES 2023
Country/Territory: Italy
City: Benevento
Period: 29/08/23 - 1/09/23
