Reference Hub

This research has been cited in:

Article
Collaborative security risk estimation in agile software developmentInformation & Computer Security10.1108/ICS-12-2018-0138
Conference
The Security Intention Meeting Series as a way to increase visibility of software security decisions in agile development projectsProceedings of the 14th International Conference on Availability, Reliability and Security10.1145/3339252.3340337
Conference
Achieving "Good Enough" Software SecurityProceedings of the Evaluation and Assessment in Software Engineering10.1145/3383219.3383267
Article
IT Security Is From Mars, Software Security Is From VenusIEEE Security & Privacy10.1109/MSEC.2020.2969064
Article
Towards Agile Cybersecurity Risk Management for Autonomous Software Engineering TeamsJournal of Cybersecurity and Privacy10.3390/jcp2020015
Article
Towards a successful secure software acquisitionInformation and Software Technology10.1016/j.infsof.2023.107315
Article
A market for trading software issuesJournal of Cybersecurity10.1093/cybsec/tyz011
Article
Influencing the security prioritisation of an agile software development projectComputers & Security10.1016/j.cose.2022.102744
Conference
The Quality Triage Method: Quickly Identifying User Stories with Quality Risks2020 2nd International Conference on Societal Automation (SA)10.1109/SA51175.2021.9507110
Conference
Care and Feeding of Your Security Champion2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)10.1109/CyberSA52016.2021.9478254
Chapter
Building an Ambidextrous Software Security InitiativeResearch Anthology on Agile Software, Software Development, and Testing10.4018/978-1-6684-3702-5.ch032
Chapter
Towards a Conceptual Framework for Security Requirements Work in Agile Software DevelopmentResearch Anthology on Agile Software, Software Development, and Testing10.4018/978-1-6684-3702-5.ch012
Article
Towards a Conceptual Framework for Security Requirements Work in Agile Software DevelopmentInternational Journal of Systems and Software Security and Protection10.4018/IJSSSP.2020010103
Chapter
Building an Ambidextrous Software Security InitiativeBalancing Agile and Disciplined Engineering and Management Approaches for IT Services and Software Products10.4018/978-1-7998-4165-4.ch009

Risk Centric Activities in Secure Software Development in Public Organisations

Inger Anne Tøndel, Martin Gilje Jaatun, Daniela Soares Cruzes, Nils Brede Moe

Source Title: International Journal of Secure Software Engineering (IJSSE)8(4)

ISSN: 1947-3036|EISSN: 1947-3044|EISBN13: 9781522513889|DOI: 10.4018/IJSSE.2017100101

Cite Article Cite Article

MLA

Tøndel, Inger Anne, et al. "Risk Centric Activities in Secure Software Development in Public Organisations." IJSSE vol.8, no.4 2017: pp.1-30. http://doi.org/10.4018/IJSSE.2017100101

APA

Tøndel, I. A., Jaatun, M. G., Cruzes, D. S., & Moe, N. B. (2017). Risk Centric Activities in Secure Software Development in Public Organisations. International Journal of Secure Software Engineering (IJSSE), 8(4), 1-30. http://doi.org/10.4018/IJSSE.2017100101

Chicago

Tøndel, Inger Anne, et al. "Risk Centric Activities in Secure Software Development in Public Organisations," International Journal of Secure Software Engineering (IJSSE) 8, no.4: 1-30. http://doi.org/10.4018/IJSSE.2017100101

Export Reference

Favorite Full-Issue Download

View Full Text HTML

View Full Text PDF

Abstract

When working with software security in a risk-centric way, development projects become equipped to make decisions on how much security to include and what type of security pays off. This article presents the results of a study made among 23 public organisations, mapping their risk-centric activities and practices, and challenges for implementing them. The authors found that their software security practices were not based on an assessment of software security risks, but rather driven by compliance. Additionally, their practices could in many cases be characterised as arbitrary, late and error driven, with limited follow up on any security issues throughout their software development projects. Based on the results of the study, the authors identified the need for improvements in three main areas: responsibilities and stakeholder cooperation; risk perception and competence; and, practical ways of doing risk analysis in agile projects.

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.

Username or email: *

Password: *

Forgot individual login password?

Create individual account

Risk Centric Activities in Secure Software Development in Public Organisations

MLA

APA

Chicago

Export Reference

Abstract

Request Access