DOI: 10.1145/3661167.3661284
research-article

Challenges in Developing Secure Software within Agile Environments

Published: 18 June 2024 Publication History

Abstract

Context: Agile methodologies have gained immense popularity in software development organizations for their numerous advantages, like increased flexibility and better customer satisfaction. However, integrating security measures into Agile practices presents significant challenges and complexities.
Objectives: The primary goal is to identify and analyze challenges associated with developing secure software in Agile environments. This entails evaluating the validity of these challenges concerning Agile principles and secure software assurance practices.
Methodology: A systematic literature review methodology was used to identify these challenges. Fifteen publications were scrutinized to identify potential challenges, resulting in the identification of 26 challenges.
Results: The literature review revealed significant challenges in creating secure software within Agile contexts. Of the 26 potential challenges, five were invalidated, while the remaining 21 were deemed valid and categorized. The challenges span various aspects of the development process, indicating the multifaceted nature of the issue.
Conclusion: Addressing the identified challenges necessitates a dual focus on Agile methodologies and the requisites for secure software development. By acknowledging and confronting these challenges, practitioners can devise effective strategies to enhance the security of Agile software development practices. Furthermore, the findings serve as a foundation for formulating best practices in secure software development within Agile frameworks, thereby facilitating the advancement of secure software engineering methodologies.


    Published In

    EASE '24: Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering
    June 2024
    728 pages
    ISBN:9798400717017
    DOI:10.1145/3661167

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Agile
    2. Secure software challenges
    3. security
    4. software development

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Funding Sources

    • King Fahd University of Petroleum and Minerals

    Conference

    EASE 2024

    Acceptance Rates

    Overall Acceptance Rate 71 of 232 submissions, 31%
