izpis_h1_title_alt

A delegation-based lightweight agile approach for secure software development in small and medium enterprises
ID Mihelič, Anže (Author), ID Hovelja, Tomaž (Mentor) More about this mentor... This link opens in a new window, ID Vrhovec, Simon (Comentor)

.pdfPDF - Presentation file, Download (2,65 MB)
MD5: FC7C29690C9EA3AEF0E0064BD2F1C1E6

Abstract
The software development workflow is typically defined by a specific development methodology and then further organized by distinct phases for more effective software production. Secure software development aims to integrate security measures throughout this process to create a more secure end product. However, agile methodologies face challenges incorporating security features due to their characteristics like adaptability, rapid release cycles, and continuous feedback. Existing solutions within the literature propose embedding permanent security roles, processes, and artifacts into agile methods. These solutions, however, are constrained by their lack of adaptability to situational factors and their method-specific designs, such as for Scrum or Extreme Programming (XP), limiting their applicability in different development methods. In this dissertation, we introduce two novel approaches: the "ATTRACT Approach" for secure software development and an approach for evaluating existing software development methods from a security perspective. Unlike existing solutions, the ATTRACT Approach is not tied to any particular software development methodology. It is designed to incrementally build security knowledge and awareness in a temporary and iterative manner, taking into account the unique circumstances of the development enterprise. It is particularly suited for small and medium-sized enterprises. Meanwhile, our evaluation approach assesses various development methods and their elements based on three core dimensions: enhanced security, cost-efficiency, and retained agility. Both approaches were evaluated in a real-world, longitudinal, multiple-case study. The findings suggest that adopting these approaches elevates the security knowledge and awareness of project teams, fosters security-focused problem-solving, enhances code quality and review processes, and encourages the implementation of customized security measures in the end products. While developers reported a learning curve in adapting these approaches, the teams overall found that their initial expectations were met.

Language:English
Keywords:secure software development, software engineering, agile, lean, small and medium sized enterprises, software development management, security
Work type:Doctoral dissertation
Typology:2.08 - Doctoral Dissertation
Organization:FRI - Faculty of Computer and Information Science
Year:2024
PID:20.500.12556/RUL-154420 This link opens in a new window
COBISS.SI-ID:185436163 This link opens in a new window
Publication date in RUL:14.02.2024
Views:575
Downloads:58
Metadata:XML DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Secondary language

Language:Slovenian
Title:Na delegiranju zasnovan agilni pristop k razvoju varne programske opreme za mala in srednje velika podjetja
Abstract:
Delovni proces razvoja programske opreme je navadno določen z metodologijo razvoja, nato pa za učinkovitejše delo še organiziran v ločene faze. Da bi ustvarili varnejši končni izdelek, si razvoj varne programske opreme prizadeva vključevati varnostne ukrepe skozi celoten proces. Vendar pa se agilne metodologije soočajo z izzivi pri vključevanju varnostnih elementov zaradi svojih lastnosti, kot so prilagodljivost, kratki cikli in pogosto pridobivanje povratnih informacij. Obstoječe rešitve predstavljene v literaturi predlagajo trajno vključitev varnostnih vlog, procesov in artefaktov v agilne metode. Takšne rešitve so omejene zaradi svoje neprilagodljivosti situacijskim faktorjem in zaradi svoje prilagojenosti specifičnim metodam, kot npr. Scrum ali Extreme Programming (XP), kar omejuje njihovo uporabnost. V tej disertaciji predstavljamo dva nova pristopa: "ATTRACT pristop" za razvoj vare programske opreme in pristop za ocenjevanje obstoječih metod razvoja programske opreme z varnostnega vidika. Za razliko od obstoječih rešitev, pristop ATTRACT ni vezan na nobeno določeno metodo razvoja programske opreme. Zasnovan je tako, da postopoma izpopolnjuje znanje o v varnost usmerjenem razvoju in varnostno ozaveščenost na začasen in iterativen način, pri čemer upošteva edinstvene okoliščine razvojnega podjetja. Še posebej je primeren za mala in srednje velika podjetja. Medtem naš pristop za ocenjevanje pristopa k ocenjevanju različnih metod razvoja in njihovih elementov na podlagi treh osnovnih dimenzij: izboljšane varnosti, stroškovne učinkovitosti in ohranjanja agilnosti. Oba pristopa sta bila testirana v industrijskem okolju z longitudinalno študijo več primerov. Ugotovitve nakazujejo, da sprejetje teh pristopov dviga varnostno znanje in ozaveščenost projektnih skupin, spodbuja osredotočenost na reševanje varnostnih problemov, izboljša kakovost kode in procese pregledovanja kode ter spodbuja izvajanje prilagojenih varnostnih rešitev v končnih izdelkih. Čeprav so razvijalci poročali o krivulji učenja pri implementacijah teh pristopov, so skupine na splošno ugotovile, da so bila njihova začetna pričakovanja izpolnjena.

Keywords:razvoj varne programske opreme, inženiring programske opreme, agilno, vitko, majhna in srednje velika podjetja, menedžment razvoja programske opreme, varnost

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back