Security Compliance in Agile Software Development: A Systematic Mapping StudyShow others and affiliations
2020 (English)In: Proceedings - 46th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2020 / [ed] Martini A.,Wimmer M.,Skavhaug A., Institute of Electrical and Electronics Engineers Inc. , 2020, p. 413-420, article id 9226365Conference paper, Published paper (Refereed)
Abstract [en]
Companies adopting agile development tend to face challenges in complying with security norms. Existing research either focuses on how to integrate security into agile methods or on discussing compliance issues of agile methods but independently of the regulation type, in particular of security standards. A comprehensive overview of this scattered field is still missing and we know little about how to achieve security compliance in agile software development. Existing secondary studies (mapping studies and literature reviews) analyze publications on secure agile development, but they do not analyze implications of security standard compliance, e.g., integration of specific standard requirements or compliance assessments. To close this gap, we report on a systematic mapping study. Starting with a set of 2,383 papers, our work distills 11 relevant publications addressing security compliance in agile software development. With this study, we contribute by describing the maturity of the field, as well as domains where security compliant agile software engineering was investigated. Moreover, we make explicit which phases of a secure development process are covered by the field and which agile principles are analyzed when aiming at compliance with international security standards, country-specific security regulations, industry-specific security standards, and other well-known security frameworks. © 2020 IEEE.
Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc. , 2020. p. 413-420, article id 9226365
Keywords [en]
Agile Software Engineering, Secure Software Engineering, Security Compliance, Systematic Mapping Study, Application programs, Mapping, Network security, Regulatory compliance, Agile software development, Compliance assessments, International security, Security regulations, Standard requirements, Systematic mapping studies, Software design
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-20817DOI: 10.1109/SEAA51224.2020.00073ISI: 000702094100062Scopus ID: 2-s2.0-85096603749ISBN: 9781728195322 (print)OAI: oai:DiVA.org:bth-20817DiVA, id: diva2:1507409
Conference
46th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2020, Online, Kranj, Slovenia, 26 August 2020 through 28 August 2020
Part of project
SERT- Software Engineering ReThought, Knowledge Foundation2020-12-072020-12-072021-10-21Bibliographically approved