Delegation-Based Agile Secure Software Development Approach for Small and Medium-Sized Businesses
Software engineering often follows a particular methodology. Throughout the software development industry, an increasing share of enterprises follow agile principles. However, engineering adequately secure software, even though required by some international standards, remains challenging. That is p...
| Main Authors: | Anze Mihelic, Simon Vrhovec, Blaz Markelj, Tomaz Hovelja |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2024-01-01 |
| Series: | IEEE Access |
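| Subjects: | Software security; secure software engineering (SSE); engineering of secure software (ESS); lean; software development management |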
| Online Access: | https://ieeexplore.ieee.org/document/10788687/ |
| _version_ | 1850250138019168256 |
|---|---|
| author | Anze Mihelic; Simon Vrhovec; Blaz Markelj; Tomaz Hovelja |
| collection | DOAJ |
| description | Software engineering often follows a particular methodology. Throughout the software development industry, an increasing share of enterprises follow agile principles. However, engineering adequately secure software, even though required by some international standards, remains challenging. That is particularly true when enterprises use agile approaches. Additionally, existing agile, secure software engineering approaches proposed in the literature are poorly suited for small and medium-sized enterprises (SMEs). While some suggest permanently embedding security in agile, these solutions are rigid and often limited to specific methods like Scrum or Extreme Programming. This paper introduces a situational agile approach for secure software development, namely ATTRACT, which does not require a particular method to be used by the development team and is designed as a temporary add-on to the existing method. It takes a software development method used by an enterprise as is and builds on it. It is designed to incrementally enhance security knowledge and awareness within the development team; thus, it is especially suited for SMEs. The approach was tested in a real-world longitudinal multiple-case study. The results indicate that this approach enhanced security awareness, improved code quality, and encouraged tailored security implementations. Although results indicate an adaptation phase, teams generally found that the approach met their expectations. |
| format | Article |
| id | doaj-art-9026debaf80944929dee3246714d3452 |
| institution | OA Journals |
| issn | 2169-3536 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | Anze Mihelic (https://orcid.org/0000-0002-5925-4262), Faculty of Criminal Justice and Security, University of Maribor, Ljubljana, Slovenia; Simon Vrhovec (https://orcid.org/0000-0002-6951-6369), Faculty of Criminal Justice and Security, University of Maribor, Ljubljana, Slovenia; Blaz Markelj (https://orcid.org/0009-0005-2951-8086), Faculty of Criminal Justice and Security, University of Maribor, Ljubljana, Slovenia; Tomaz Hovelja, Faculty of Computer and Information Science, University of Ljubljana, Ljubljana, Slovenia. IEEE Access (ISSN 2169-3536), vol. 12, pp. 189611-189635, 2024-01-01. DOI: 10.1109/ACCESS.2024.3514889. IEEE Xplore document 10788687. |
| title | Delegation-Based Agile Secure Software Development Approach for Small and Medium-Sized Businesses |
| topic | Software security; secure software engineering (SSE); engineering of secure software (ESS); lean; software development management |
| url | https://ieeexplore.ieee.org/document/10788687/ |