Introducing a novel security-enhanced agile software development process
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering. ORCID iD: 0000-0002-9316-4842
Malmö University, SWE.
Fidesmo AB, SWE.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
2017 (English). In: International Journal of Secure Software Engineering, ISSN 1947-3036, E-ISSN 1947-3044, Vol. 8, no 2. Article in journal (Refereed), Accepted
Abstract [en]

In this paper, a novel security-enhanced agile software development process, SEAP, is introduced. It has been designed, tested, and implemented at Ericsson AB, specifically in the development of a mobile money transfer system. Two important features of SEAP are that 1) it includes additional security competences, and 2) it continuously conducts an integrated risk analysis to identify potential threats. A general finding from implementing SEAP in software development is that the developers resolve a large proportion of the risks in a timely yet cost-efficient manner. The default agile software development process at Ericsson AB, i.e. without SEAP, required significantly more employee hours for every risk identified than the process with SEAP integrated. The default development process left 50.0% of the risks unattended in the software version that was released, while the application of SEAP reduced that figure to 22.5%. Furthermore, SEAP increased the proportion of risks that were corrected from 12.5% to 67.9%, a more than fivefold increase.

Place, publisher, year, edition, pages
2017. Vol. 8, no 2
Keyword [en]
Software development, secure software development, secure agile development, agile method, software security, risk analysis, industrial setting, Ericsson AB
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-15165
OAI: oai:DiVA.org:bth-15165
DiVA: diva2:1143011
Available from: 2017-09-20. Created: 2017-09-20. Last updated: 2017-09-25. Bibliographically approved

Open Access in DiVA

fulltext (1435 kB), 85 downloads
File information
File name: FULLTEXT01.pdf. File size: 1435 kB. Checksum (SHA-512):
15d376e6b4ab583c9a383f6e82671b8f8fd9033ebbac516ce662ecaeee3e87f0cfd3bdb07cfb47be0d61350c7729bc50e1f63baa788c061975ba053415751791
Type: fulltext. Mimetype: application/pdf

Search in DiVA

By author/editor
Boldt, Martin; Carlsson, Bengt